[PatriotCTF'23] Pick Your Starter
Pick Your Starter
This was a web challenge that involved exploiting Jinja2 SSTI and working around filters to gain remote code execution and read the flag.
Description
Picking a starter is hard, I hope you can do it.
Overview
When we go to the site, we are greeted with pictures of the three starter Pokémon. Clicking on one redirects us to /{pokemon name}.
[PatriotCTF'23] Guessinggame
Guessing Game
Description
No one seems to be able to guess my favorite animal… Can you?
You can download the source file here
Decompilation
First, let’s disassemble the file and have a look inside.
At first glance, it seems like the correct answer is Giraffe. However, if we continue reading, we see that no matter what input we give, it will always reject our input 😢
Solution
In the decompilation output above, we can see that the program uses gets to read user input. gets is vulnerable to a buffer overflow because it performs no bounds checking, allowing us to write beyond the memory allocated to the buffer.
[PatriotCTF'23] Rouge Access Point
Patriot CTF: Rouge Access Point
This was an OSINT challenge where we had to find the SSID of an access point, given the BSSID.
The Challenge
We've received a notice from our company's EDR software that a laptop was attacked while they were on WFH. The employee says they were at home when it happened, but we suspect they were using public wifi. Our EDR software managed to capture the BSSID of the wifi (46:D1:FA:63:BC:66) network before it got disconnected, but not the SSID. Can you still find the network they were connected to?
From here, we have one important piece of information: the BSSID of the wifi, 46:D1:FA:63:BC:66.
[PatriotCTF'23] Unsupported Format
Patriot CTF: Unsupported Format
This was an image-repair forensics challenge in which we were given a corrupted image file. The goal was to fix the image and retrieve the flag.
The Challenge
My friend sent me a picture of his brand new computer, but something strange happened to it and now it says "Unsupported Format" when I try to open it. Can you try to help me recover the image?
Trying to open the attached challenge image file would result in something like this:
[DuCTF'23] Faraday
DUCTF'23: Faraday
This was a pretty interesting OSINT challenge that made use of GSMA’s Location API to determine a target’s location from their phone number. The API verifies whether the device's location is within a requested area based on its network activity (cell tower triangulation, GPS and Wi-Fi hotspot data).
The Challenge
faraday | 100 | medium | 359 Solves
We've been trying to follow our target Faraday but we don't know where he is. All we know is that he's somewhere in Victoria and his phone number is +61491578888. Luckily, we have early access to the GSMA's new location API. Let's see what we can do with this. The flag is the name of the Victorian town our target is in, in all lowercase with no spaces, surrounded by DUCTF{}. For example, if Faraday was in Swan Hill, the solution would be DUCTF{swanhill}.
Author: hashkitten
https://osint-faraday-9e36cbd6acad.2023.ductf.dev/docs
The link leads to a RESTful API site. Toggling POST, we are greeted by this: