Ctf

Link for the challenge is here 1. Challenge Overview After clicking on the link of the challenge, the website asks for permission to get our geographical location. Also, according to the text on the screen, it seems like we’re playing a game of numbers against opponents of the same Elo (or level), hence the “find match” button. Say we allow the web application our location. We see a welcome message containing what seems to be a random username and a starting elo of 1000....

Challenge attachments and code here 1. Challenge overview After starting the instance of the challenge, we’re faced with what looks like a tic tac toe game over a web front. As we can see below, we can deploy and ping the game server, then click on the squares to send an HTTP request to the game server containing our game state. Since the UI doesn’t give away much of the web application’s logic, let’s dive into the source code to see how the latter works, namely, what endpoints are there and which of those can we tamper with....

To solve the “Trendz” CTF challenge, exploit JWT token validation and secret key exposure. By accessing the /static endpoint to retrieve the JWT secret, craft a valid token with the “admin” role to view the hidden post and obtain the flag.

The challenge demonstrated a race condition vulnerability in post creation due to non-atomic operations. This allowed concurrent requests to bypass post limits. Key lessons include ensuring atomic operations, reviewing code for vulnerabilities, and using automated scripts for testing.

In this CTF challenge, we exploited a web app’s validation mechanism by setting a custom validation server with debug mode enabled. This allowed us to bypass feature access controls and perform Remote Code Execution (RCE) to retrieve the flag.

The article explains exploiting a race condition in a Starlette app to bypass os.stat checks, using symlinks, and ultimately retrieving the flag from /proc/self/environ.

Challenge Description name: Intruder category: web exploitation points: 100pts solves: 89 solves I just made a book library website! Let me know what you think of it! Note: Due to security issue, you can’t add a book now. Please come by later! Solution We are given the following web page: The application is built using ASP.NET Core, which is a cross-platform framework for developing dynamic, high-performance web solutions. You can read more here...

Challenge Description name: hello category: web exploitation points: 136 ctf-date: Aug 17th, 2024 Just to warm you up for the next Fight :“D Note: the admin bot is not on the same machine as the challenge itself and the .chal.idek.team:1337 URL should be used for the admin bot URL Challenge Analysis We’re given two links and a source code for the admin bot. challenge link: http://idek-hello.chal.idek.team:1337 admin bot link: https://admin-bot.idek.team/idek-hello Since the admin bot is not on the same machine as the challenge, we should expect that the flag will be retrieved using a technique like XSS, CSRF…etc...

Challenge Description name: traversed category: web points: 123 I made this website! you can’t see anything else though… right?? URL: http://litctf.org:31778/ Solution Based on the name of the challenge, I can feel a path traversal vulnerability looming around lol, anyway, let’s check the website: As we can see, nothing is in the page, the hint though lies within the url bar, let’s check if can traverse the the filesystem and reveal the contents of /etc/passwd....

Challenge Description name: jwt-2 category: web points: 117 its like jwt-1 but this one is harder URL: http://litctf.org:31777/ Solution The description is very clear, the vulnerability should be in how the signature is handled, but instead of no verification at all, we should expect something harder this time. My first hunch tells me to brute force the key used to generate the jwt token, but we’re actually given the source code....