This repository has been archived by the owner on Jun 9, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
concepts.txt
18 lines (11 loc) · 2.31 KB
/
concepts.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
* = complete with solution
+ = challenge written, needs solution
-- PWNABLES --
* 100 - bfbo - This challenge will give the player a binary with a vulnerable BO that they will need to use to jump into a function that normally wouldn't be called. This function will read a flag from disk and print it out to the user. This challenge requires the player to simply overflow a buffer, use the correct address of the uncalled func, and glory will be released!
* 200 - bfpl - This challenge will give the player the ability to run arbitrary shellcode to get the flag. Players will need to find /bin/sh, or any shellcode of their choice, to get the flag.
-- REVERSE ENGINEERING --
* 100 - sgnirts - Since this is an intro CTF, this challenge will force the player to use Linux commands to enumerate over a binary. The flag will be included in the binary as a string that can be found usings "strings", but with a twist requring some command line options!
* 200 - sup3rs3ri4l - Force the player to reverse engineer a binary that uses a unique serial number to unlock hidden functionality. If the serial is correct, it will be the flag. This challenge will force the player to open a disassembler, run objdump, among other command line tools and view a small application.
-- WEB --
* 100 - tmi - Login page to the tmi app provides a bit too much information by returning the string comparison result for a password stored in plaintext on the backend. Characters are compared one at a time and when a mismatch is found, the strcmp resust is returned (in a friendly way, e.g. failed with loop run i=5). This is simple enough that it can be brute forced by hand for those not familiar with automation, but also trivially automated. Covers: Request modification techniques. HTML parsing and debugging. Algorithm inference.
* 200 - buynow - Create a new account on this online CTF flag store, but you won't have enough money to buy the only item for sale, a CTF flag for this challenge. Security is enforced by knowing the session id of the another account (which ends up being an unsigned base 16 encoded json blob). Hints are available if you create multiple accounts and transfer money between them but it will take forever to get enough to buy the flag that way. Find a hidden listing of top users and take over another account to buy the flag. Covers: Session hijacking.