Real World CTF 2018 | Magic Tunnel

Must be a submarine to cross the English channel?

The Magic Tunnel challenge was an online photo album. The photo album had a simple form to enter a URL of a photo to download and display on the user’s photo album. If we submit a URL, it downloads the file at that URL and adds an img tag with the src attribute pointing to the path of the downloaded file.

Google CTF 2018 | MITM

Man in the Middle communication between the client and the server. $ nc 1337

This problem gave us a script, which is run at the address and port above. According to the script, we’d be asked whether we would like to talk to the server or client. The server/client then attempts to initiate a handshake with us, thinking that we’re the other.

Google CTF 2018 | Feel It

I have a feeling there is a flag there somewhere

For this problem, we are provided with a USB PCAP. These types of challenges typically will hide the flag in a way that’s associated with the purpose of the USB device (ie. typing out the flag for a keyboard or drawing out the flag for a mouse). The first thing to do is to figure out what type of USB device we’re dealing with. This will give us a better idea on what the data containing the flag may look like.

Codegate 2018 | Miro

Do you wanna play the game? : D

Note: My original writeup was posted on our writeup repo along with the handout & solution files.

Miro was a cryptography challenge in which a Python script,, and PCAP, miro.pcap are given. allowed us to connect to a maze game, where the maze was the same every time and there was a single path. At first, we could move down and right, but once we tried to move left, it gave an error. Examining, we noticed the following section of code.


© 2018. All rights reserved.

Powered by Hydejack v8.5.1