Singapore Cyber Conquest 2017

less than 1 minute read

The NUS Greyhats played in the Singapore Cyber Conquest 2017 held at the GovWare 2017 conference as part of the Singapore International Cyber week. Two of ou...

Singapore Cyber Conquest 2017 - Web 3 (Web)

less than 1 minute read

Using the SQL injection vulnerability to write a PHP file to the disk and executing it with a local file inclusion vulnerability gives remote code execution.

HITBGSEC CTF 2017

less than 1 minute read

I participated with the NUS Greyhats in this year’s HITBGSEC CTF 2017. It was organised by the HITB Netherlands CTF team and the XCTF League crew. It ran ext...

HITBGSEC CTF 2017 - Pasty (Web)

2 minute read

JSON Web Tokens have no means of authenticating the header and thus can be abused to manipulate the server into verifying a forged signed message with a key ...

HITBGSEC CTF 2017 - arrdeepee (Misc)

5 minute read

Extracting the private key into a PEM file from a PKCS12 file transmitted over UDP allows the investigator to decrypt an RDP session and recover some secret ...

HITBGSEC CTF 2017 - 1000levels (Pwn)

9 minute read

Uninitialised variable usage allows for reliable exploitation of a classic stack overflow on a NX and PIE enabled binary using gadgets from the vsyscall page...

CTF(x) 2016 - Harambe Hub (Web)

3 minute read

Use of String.match as opposed to String.equals in Java allows an attacker to recover sensitive input such as an admin username character by character with r...

CTF(x) 2016 - Dat Boinary (Binary)

1 minute read

Off-by-one error allows overwrite of a null byte that allows for a struct to be completely filled with non-null bytes which tricks strlen into returning a la...

CTF(x) 2016 - Custom Auth (Crypto)

less than 1 minute read

A cookie using ECB mode encryption allows an attacker to forge admin privileges by rearranging encrypted blocks for decryption.

X-CTF 2016 - The Snek (Web)

6 minute read

PHP local file inclusion vulnerability leads to source code disclosure revealing python code vulnerable to a hash extension attack allowing an attacker to fa...

32C3CTF - TinyHosting (Web 250)

3 minute read

A PHP service that allows uploading of small files (<= 7 bytes) with arbitrary filenames within a browsable path.

32C3CTF - Teufel (Pwn 200)

6 minute read

Exploit a tiny binary with an extremely customised memory mapping with an infoleak leading to libc disclosure and jump to magic shell address.

32C3CTF - Gurke (Misc 300)

1 minute read

Remote code execution in a seccomp protected python service requiring manipulating python internals to retrieve the flag in memory.

ASIS CTF Finals 2015 - Shop 1 (Pwn)

3 minute read

An off-by-one error allows an attacker to leak return codes from memcmp to determine the difference in the supplied byte and the compared byte to leak the fl...

ASIS CTF Finals 2015 - Myblog (Web)

2 minute read

Server-side request forgery in a PDF page printer service in PHP leading to disclosure of secrets in a server-side PHP source code.

ASIS CTF Finals 2015 - Impossible (Web)

4 minute read

Type juggling in PHP’s weak comparison operator (==) allows an attacker to generate passwords to an administrator account and bypass the original MD5 hashing...

ASIS CTF Finals 2015 - Bodu (Crypto)

2 minute read

Use the Boneh-Durfee attack on low private exponents to recover the original two prime factors comprising the private key and decrypt an encrypted flag.

PoliCTF 2015

less than 1 minute read

Dystopian Narwhals participated in PoliCTF 2015, and it was a lot of fun. The challenges were challenging, yet engaging and we ended up with a score of 1258 ...

TKBCTF 4 - rand

1 minute read

First Javascript challenge released out of 2 Javascript challenges.

TKBCTF 4 - args

1 minute read

Second javascript challenge for the CTF. Similar in concept to the previous javascript challenge, rand, you are given a Sandboxed node.js REPL to play with.

CSCAMP CTF 2012 - Exploit 200

less than 1 minute read

This binary is vulnerable to a buffer overflow in the strncpy function called in the main function with user supplied input. It takes in two arguments, argum...

CSCAMP CTF 2012 - Exploit 100

less than 1 minute read

This was more of a reversing puzzle than an exploitation one. The binary accepts a parameter as a password. It checks if the password is correct and cats the...

CSCAMP CTF 2012 - Web300

1 minute read

In this challenge, an image divided into blocks has its blocks scrambled not unlike a sliding block puzzle (http://en.wikipedia.org/wiki/Sliding_puzzle). The...

CSCAMP CTF 2012 - Web200

less than 1 minute read

In this puzzle, you had to evaluate an equation encoded in base64 in an array structure consisting of values and operands hidden in a custom header. The obje...

Hack.lu CTF 2012 - Big Zombie Business

1 minute read

It’s a disaster! Not only that these useless piles of rotten meat obfuscate all their stupid code, they have also lost our precious root password, or “Flag” ...

Hack.lu CTF 2012 - Zombie AV

3 minute read

Some people try to fight the zombie apocalypse by selling pseudo antidote. We need the secret formula in config.php to destroy their snake oil business…

Hack.lu CTF 2012 - Mini Zombie Business

1 minute read

As time passes by and the zombie apocalypse seems to stay for a while businesses have to adapt to survive. Food store chains offer brains and biscuits for th...

Hack You CTF 2012 Writeups

less than 1 minute read

The CTF was really enjoyable. Really great casual atmosphere to it. Too bad we only really caught the last couple of days. Really looking forward to the next...

Hack You CTF 2012 - Pentagon (WEB100)

3 minute read

Note: images and files are missing in this blogpost. To solve the puzzle, we had to obtain the password to a ‘Pentagon’ site relying on Javascript authentica...

Hack You CTF 2012 - Halloween (STG200)

1 minute read

Note: images are missing in this blog post. The only piece of the puzzle we were given was an image file. The distinguishing feature for this picture is that...

Hack You CTF 2012 - Stego 100

5 minute read

In this challenge, we were given the a large amount of text in a file. The entire text may be found at the end of this blog post.

Hack You CTF 2012 - Reverse 200

2 minute read

A zip file containing an ELF binary and Windows executable file was given to us. We need not care about the Windows executable as both the ELF binary and the...

Hack You CTF 2012 - Packets 200

less than 1 minute read

In this task, we are supposed to answer the question: “What’s the md5 of the file being transferred?”. We are given another capture file, this time containin...

Hack You CTF 2012 - Packets 100

less than 1 minute read

We are given an objective for the packets series: “Part 1. Find the secret link in this conversation.” We have a .pcap capture file and we simply apply a fil...

Hack You CTF 2012 - HugeCaptcha (PPC100)

less than 1 minute read

PPC100 is a puzzle that requires some degree of scripting. To obtain the flag, we have to add up the two large numbers given and submit the result through PO...