Web
C2
Our forensics teams have discovered this Golang command and control server on a compromised system.
Can you exfiltrate the flag?
http://challs.nusgreyhats.org:33203
https://storage.googleapis.com/greyctf25-challs/dist-c2.zip
Collection of writeups from NUS Greyhats
Game
Games 1, 2 and 3 feature the identical RPG Maker game, built for different platforms (exe, APK and web).
For all three games, the flags are split into 5 parts and stored in the following locations:
Flag 1 is an item that's dropped after defeating level 1.
Flag 2 is an item that's dropped after defeating level 2.
Flag 3 can be found in a chest after defeating level 3.
These sheets are used in case of technical difficulties.
These sheets might be outdated.
Do access the challenges on the official CTF site if it is up.
Greycat's Adventure
TimeLock
Welcome to Greycat's Adventure, my totally original, well-coded and unhackable game! You will never get past my timelock! How can you wait for 50 hours in a 24-hour ctf!??
Hello, Elma/caprinux here. Hope you guys enjoyed the CTF challenges this year. Here are some writeups that I made for some of the challenges.
Pi Master (miscellaneous)
tldr; pwntools scripting
If you have attended the welcome tea session, I am sure that you are well prepared for our Nth digit of pi questions >:)
If we connect to the server, the instructions are apparent.
The first 6 digits of pi are "3.14159" whereby 3 is the 1st digit, 1 is the 2nd digit, 4 is the 3rd digit and so on.
Imaginary CTF 2023 has just ended and it once again did not disappoint. The CTF featured a variety of fun and interesting challenges. Kudos to the organizers for yet another successful event.
One of the interesting challenges that I solved this year was window-of-opportunity, which is a kernelspace pwn challenge. In this writeup, I will share my thought processes and hopefully bring you some insights or new knowledge into the world of kernelspace!
Sometimes, there is a glimmer of hope, a spark of inspiration, a window of opportunity.
.
├── bzImage
├── decompress.sh
├── gdb.sh
Shellcode As A Service
As indicated by the challenge name and description, we have to write shellcode that will be executed by the program.
We are given an initial write of 6 bytes, which allows us to get a second-stage write. An open/read seccomp filter is in place, preventing us from printing the flag.
We can write a loop in assembly to read one character at a time, and terminate if the character is incorrect.
from pwn import *
context.terminal = ["tmux", "neww"]
Initial Analysis
We are provided with a 64-bit Windows executable. If we throw it into IDA, we can see that it did not manage to find the main function.
However, we have the _start function, and we can easily find the main function ourselves by either looking for strings in the program and following their cross-references, or clicking into the start function and finding the main function (somewhere in the last block), which can be identified by the function call right after 3 arguments are loaded (r8, rdx, ecx).
If we look inside the main function, we see that our program presents us with a menu.
If we look inside option 1, we see that it calls VirtualProtect on an address of our choice.