Real World CTF 2018 | Magic Tunnel

Must be a submarine to cross the English channel?


The Magic Tunnel challenge was an online photo album with a simple form for entering the URL of a photo to download and display in the user’s album. When we submit a URL, the application downloads the file at that URL and adds an img tag whose src attribute points to the path of the downloaded file.

Google CTF 2018 | MITM

Man in the Middle communication between the client and the server. $ nc mitm.ctfcompetition.com 1337


This problem gave us a challenge.py script, which is run at the address and port above. According to the script, we’d be asked whether we would like to talk to the server or client. The server/client then attempts to initiate a handshake with us, thinking that we’re the other.

Google CTF 2018 | Feel It

I have a feeling there is a flag there somewhere


For this problem, we are provided with a USB PCAP. These types of challenges typically hide the flag in a way that’s associated with the purpose of the USB device (i.e., typing out the flag for a keyboard or drawing out the flag for a mouse). The first thing to do is to figure out what type of USB device we’re dealing with. This will give us a better idea of what the data containing the flag may look like.

Codegate 2018 | Miro

Do you wanna play the game? : D


Note: My original writeup was posted on our writeup repo along with the handout & solution files.

Miro was a cryptography challenge in which a Python script, client.py, and a PCAP, miro.pcap, are given.

client.py allowed us to connect to a maze game, where the maze was the same every time and there was a single path. At first, we could move down and right, but once we tried to move left, it gave an error. Examining client.py, we noticed the following section of code.



© 2018. All rights reserved.
