Questions tagged [ctf]

In a computer hacking context, a Capture The Flag (CTF) challenge invites participants to extract a hidden piece of information called a "flag" (usually a short string of ASCII text) from vulnerable online systems or downloadable files through the application of skills in various fields such as cryptography, steganography and reverse engineering. Typically this involves bypassing poorly-implemented security measures.

162 questions
6 votes, 1 answer

Is there a way to hide the python language version from the script that is being run?

I am considering creating a coding puzzle where the point would be that different versions of python behave differently. For this, I would like to prevent the player-provided python script from trivially figuring out the python version. I consider…
lucidbrot
4 votes, 1 answer

RSA crypto when p==q

I participated in DawgCTF 2 days ago. And I was about to solve the RSA problem but I couldn't solve it. DawgCTF's RSA problem was given n, e, c. So, I factorized n using factordb, and the result of n was the square of only one prime. (That is, n=p^2) I've…
y J.
4 votes, 1 answer

Passing integer to php $_GET via url

So I'm doing some CTF and one of the challenges is about PHP type juggling. The code looks something like this: if($_GET['var1'] == hash('md4', $_GET['var1'])) { //print flag } So I was 80% sure that I need to pass in an integer so it'll be true but…
Rui Dian
4 votes, 1 answer

Setuid binary to spawn root shell by overriding %n, does not work with exploit but works when exploit is unnecessary

I have a Setuid binary that has a printf format string vulnerability that is supposed to be exploited with "%n" to overwrite the value of the authenticated global variable. The execution of /bin/bash works with root Setuid permissions when…
3 votes, 2 answers

Unable to successfully use hydra, http-post-form with Cookie value

I am doing some CTF and stumbled upon a problem with Hydra when trying to use it towards a post request. I already know how to solve this, but I am having trouble with Hydra. Intercepted from burp POST /administrator/index.php HTTP/1.1 Host:…
tryingsohard
3 votes, 1 answer

Where do registers AL and AX overflow to?

Please tell me what will be the result of the following assembly (pseudo)code? We have set all bits of the register EAX to 0, so in turn we also have AH, AL, and AX as 0. But when I subtract the lowest bit of AL, we will take the two's complement…
Animesh Sinha
2 votes, 1 answer

Jinja2 SSTI filter bypasses

I'm doing a Capture The Flag (CTF) and I'm trying to exploit a server vulnerable to Jinja2 Server Side Template Injection (SSTI). I can't use the following characters: \, |, ,, . and _. I'm trying to write the following…
faint
2 votes, 1 answer

How to exploit BOF vulnerability if canary is present but no way to find out its value

Here is a simple CTF challenge with BOF exploiting. #include #include #include void func(int key){ char overflowme[32]; printf("overflow me : "); gets(overflowme); // smash me! if(key ==…
Roman
2 votes, 2 answers

How to know the secret number from srand(time(0))

I had a network security class in my university. And there is a challenge for finding a secret number. Here is the code #include #include #include void init() { setbuf(stdin, NULL); setbuf(stdout, NULL); } int…
2 votes, 1 answer

Why does "(echo && cat) | nc " create a persistent connection?

I began playing CTF challenges, and I encountered a problem where I needed to send an exploit into a binary and then interact with the spawned shell. I found a solution to this problem which looks something like this: (echo -ne…
mikel bubi
2 votes, 1 answer

Printf %x string vulnerability and stack interaction

I'm trying to understand the connection between the stack content at call 0x555555554580 if you execute printf("%lx%lx%lx%lx%lx%lx"). Assume my stack looks like 0x00007fffffffd850│+0x0000: 0x0000000000000001…
ASP
2 votes, 1 answer

How can I check if a base64 string is a file (what type?) or not?

I took the Spentalkux challenge on https://2020.ractf.co.uk/. This is the first time I have done a CTF challenge, so I went through a solution on https://github.com/W3rni0/RACTF_2020/blob/master/readme.md#spentalkux When I receive this base64 string:…
2 votes, 0 answers

Why does PHP include statement treat contents following '?/../' as a path from current directory?

Given a script temp.php in current user directory ~: #!/usr/bin/php Using the script above, one can pass a filename as argument and retrieve its text content.…
kayochin
2 votes, 1 answer

Segfault in ret2libc attack, but not hardcoded system call

I have the following protostar challenge #include #include #include #include void getpath() { char buffer[BUFFSIZE]; char flagBuffer[64]; FILE *fp; unsigned int ret; printf("input path please:…
Tim Winters
2 votes, 3 answers

Hide Answers of Python Quiz

This is my first post here so hopefully someone will be able to give me some help! I'm currently working on a Capture The Flag (CTF) for a university project, as a part of it I want to involve a Python quiz; to validate whether or not the users…