[PatriotCTF'23] Flower Shop
Flower Shop This web challenge involves exploiting a exec statement in a vulnerable PHP script. Apparently this solution was unintended, but it made the challenge a whole lot easier as the intended solution was almost impossible to solve.
Description Flowers!
The files for this challenge can be found here.
Overview Upon visiting the site, we see that there are fields to sign up, login, and reset one’s password. The login and signup functionalities seem to function normally and do not seem vulnerable to SQL injections.
[PatriotCTF'23] Printshop
Printshop This pwn challenge involved exploiting a printf format string vulnerability to overwrite the exit function in the GOT table to point to the win function, which prints the flag.
Description That print shop down the road is useless, can you make it do something interesting?
You can get the challenge file here.
Overview Upon dumping the binary into a disassembler (in my case I use Binary Ninja), we see that there are 2 functions, main and win.
[PatriotCTF'23] Breakfast club
Patriot CTF: Breakfast club This was a cryptography challenge focused on hash cracking. The challenge involved various hashing algorithms, and each character in the flag was hashed using a different algorithm. The objective was to crack the hash for each algorithm to retrieve the flag.
The Challenge As the sysadmin for your college, you're responsible for overseeing the security of all the clubs. One of the on campus orginizations is a breakfast club with their own personal website that the leader assured you was "unhackable".
[PatriotCTF’23] My phone!
Patriot CTF: My phone! This was a simple Crypto challenge where we had to figure out the location of a phone thief, that was encrypted by a odd cipher.
The Challenge Some weird triangle man stole my phone, he taunted me by sending me his location but it seems to be encrypted with some odd cipher I've never seen before, could you please help me get my phone back? Solution I first just searched up symbol ciphers but I was confused between Blitz Cipher and Bill’s Cipher as they both look kind of familiar.
[PatriotCTF'23] Pick Your Starter
Pick Your Starter This was a web challenge that involves the use of exploiting Jinja2 SSTI and navigating around filters to gain remote code execution to read the flag.
Description Picking a starter is hard, I hope you can do it.
Overview When we go to the site, we are greeted with pictures of the 3 starter pokemons, and when we click on them, we are redirected to /{pokemon name}.