In this web challenge we have a short PHP code where it is possible to execute arbitrary code after bypassing two input sanitization filters. First, we have an input length limitation protection...
BambooFox CTF 2021 – Time to Draw [Web]
Time to Draw is a web challenge based on Node.js. The main page presented a canvas on which one could draw by clicking on it, and several buttons on the right side. One of those buttons showed the ...
hxp CTF 2020 – EXCELlence [Reversing]
EXCELlent is a medium difficulty challenge that got 58 solves. It reads: Excellent CTFs need excellent business strategies, and what would be more appropriate than Microsoft ® Excel ™? Of course...
2020 Metasploit Community CTF - 8 of Hearts (port 4545) [Pwn]
In this challenge our goal is to decrypt the flag using a binary called 8_of_hearts.elf. Looking at this binary we see that there is an encryption routine where each byte is decoded with an XOR ope...
2020 Metasploit Community CTF - 6 of Diamonds (port 8200) [Web]
This challenge is a web application where images can be uploaded and then be viewed in an image gallery. The only checks that are made when uploading the images are the extension check and the M...
2020 Metasploit Community CTF – 7 of Spades (port 8888) [Web]
Port 8888 hosts a Python Werkzeug web server. The main page shows a list of Metasploit modules which can be filtered by the options in the top menu. After several minutes of looking around for c...
2020 Metasploit Community CTF – Queen of Spades (port 8202) [Web]
Port 8202 hosts a web application with a single login form. Trying to login with random credentials, we observed that it calls a GraphQL API to authenticate against the remote server. With the f...
2020 Metasploit Community CTF - 9 of Clubs (port 1337) [Pwn]
Port 1337 hosts a TCP service that prompts the user to choose one of several options, and later takes some text input. After trying several techniques, we discovered that it had a format string vul...
2020 Metasploit Community CTF – 8 of Spades (port 1080) [Networks]
Port 1080 shows a SOCKS 5 service running. We tried establishing a connection through this service, but upon failure we thought it was a false positive brought by the default nmap scripts, so we...
2020 Metasploit Community CTF - Ace of Clubs (port 9009) [PrivEsc]
Port 9009 shows an OpenSSH service running. Our first step was to brute force the login, which resulted in us gaining access with the trivial user/password combination of admin:password. After a...