Link to archived challenge Category Difficulty Solves Author reverse hard 3 sudoBash418 Description This one seems a bit trickier than the last. Good news though: I received word of a new form of black magic called “symbolic execution” - supposedly it can extract flags from even the trickiest of binaries! Have fun! Players are given two files to download: flag-checker and flag-checker-arm64. There are also three hints available: angr should prove useful....
Link to archived challenge Category Difficulty Solves Author reverse hard 1 sudoBash418 Description Looks like they’ve gotten smarter: this time the flag is locked behind a hash function! You might need the dark art of optimization for this one. I’m sure you’ll figure it out. Can’t promise you won’t be cursed in the process though :P Players are given two files to download: flag-checker and flag-checker-arm64. There are also three hints available:...
Link to archived challenge Category Difficulty Solves Author reverse easy 20 sudoBash418 Description We’ve found a password verifier made by 0ph10n, one of the t3l0s operatives. Rumor has it, this password controls access to some of their monitoring services, which would be very valuable to our efforts. Can you figure out what the correct password is? Players are given a file to download: password_checker.py. Analysis The script we’re given is a basic password checker: it asks for the password and tells you if it’s correct or not....
Challenge web/scorescope by BrownieInMotion 55 solves / 156 points I’m really struggling in this class. Care to give me a hand? scorescope.mc.ax Visiting the link reveals an automated grading system, with the ability to upload any Python file. The assignment description reads: This is a Python programming homework assignment. The template below contains a number of unimplemented functions; your task is to implement each one according to the docstring provided....
Preface The organizers of MagpieCTF 2022 were kind enough to publicly release their challenges along with their official writeups on GitHub, and you can view the files for this challenge here. The Challenge You have gained access to a company employee’s home directory. He was the target of a specialized spear-fishing campaign where we successfully stole his credentials. More specifically, this user was targeted because our recon intel indicated that they have permissions to run a program which contains information on top secret patents....