[insomni'hack teaser 24] InsoBank Writeup

Challenge Description

This challenge was a web application that implemented a simple banking system. In the description, they state that the bank “is of course backed by crypto and AI which makes it better than any other banking system out there”, but luckily a simple code review revealed that these were just lies from their marketing department. Once a user registered, they were given 10.0 CHF 3 bank accounts: the Current account, a Checkings account, and the Savings account....

January 27, 2024 · Matteo Golinelli

CyberChallenge at the University of Trento

Every year, we participate in Cyberchallenge.IT, a training program for students between the ages of 16 and 24 to build the next generation of cyber security professionals. At the University of Trento, we run a training program for a selected number of students with lectures and laboratories on different topics, such as:

- Web Security
- Cryptography
- Reverse Engineering
- Binary Exploitation (pwn)
- Network Security
- Some forensics, a bit of OSINT

The Students registration is open!...

November 21, 2023 · CyberSp3ck

[saarCTF 23] Pasteable Writeup

Challenge Description

The challenge was a web application that allowed users to create and share password-protected notes. The application is written in PHP and uses a MySQL database to store the notes. When creating a note, the user must enter a title, some content, and a password that is used to encrypt the note. The note is then stored in the database and the user is given a link to share the note with others....

November 20, 2023 · Matteo Golinelli & Michele Grisafi

[SrdnlenCTF 23] Koenigsberg Writeup

As the name of the challenge suggests, we are dealing with graphs (https://en.wikipedia.org/wiki/Seven_Bridges_of_K%C3%B6nigsberg). There will probably be a graph implemented in some way inside the binary, and the goal will probably be to traverse each and every node only once.

Reverse-engineering

The challenge comes in the form of an x86_64 ELF binary, with symbols. The main function is pretty simple:

    undefined8 main(void) {
      int iVar1;
      size_t sVar2;
      long in_FS_OFFSET;
      char input [104];
      long local_10;

      local_10 = *(long *)(in_FS_OFFSET + 0x28);
      setbuf(stdout,NULL);
      setbuf(stdin,NULL);
      puts("Send me the damn flag....

October 30, 2023 · Carlo Ramponi

[SrdnlenCTF 23] Pugwar Writeup

Challenge description

What do you call a cold pug? A pugsicle!

Website: http://pugwar.challs.srdnlen.it
Author: @Octaviusss

This time we don’t have source code. The X-Powered-By header returned by the server is equal to Express so most likely we are attacking a Node.js application. The application offers the following functionality:

- Registration/Login
- Creating a pug with a name, ability and secret associated with your user (/choose-fighters)
- Edit the ability of a pug that you created (/fighter-customization)

In the Hall Of Fame page we see a pug called Mario with its ability....

October 30, 2023 · Ivan Valentini & Alessandro Mizzaro