Mediocre CTF Bingo

October 13, 2024

Introduction

Stephen graciously started this blog for us to “host unhinged rambling” (stuxf 2024). I accept his generous invitation and will now list a bunch of stuff that I think is annoying in CTFs.

Pwn

  • Buffer overflow challenge where there’s a get_flag function
  • Basic buffer overflow challenge where the only thing that’s different is the size of the buffer and the theme/message.
  • Heap challenge that boils down to “replicate house of X, no changes”.
  • All pwn challenges run on Linux and require knowledge of glibc internals

Rev

  • More layers means more fun!!!! :( :( :(
  • Intro challenge can be solved in < 1 minute with angr
  • It’s a compiled crypto challenge.
  • Solved in < 20 minutes by breakpointing on read or checker function and tracing dataflow.
  • Binary is written in hard-to-read language (Haskell, Rust, Go, etc.) but you never have to reverse it b/c there’s a side channel (boo hoo if you actually spent the time figuring out how it works)