Stack Overflow
Stack Overflow

Questions tagged [ctf]

In a computer hacking context, a Capture The Flag (CTF) challenge invites participants to extract a hidden piece of information called a "flag" (usually a short string of ASCII text) from vulnerable online systems or downloadable files through the application of skills in various fields such as cryptography, steganography and reverse engineering. Typically this involves bypassing poorly-implemented security measures.

In a computer hacking context, a Capture The Flag (CTF) challenge invites participants to extract a hidden piece of information called a "flag" (usually a short string of ASCII text) from vulnerable online systems or downloadable files through the application of skills in various fields such as , and . Typically this involves bypassing poorly-implemented security measures.

162 questions
0
votes
1 answer

Clarifications about some SQL Injection commands

I'm struggling with a CTF(Capture The Flag) Web Challange on hackthebox, not being an expert in penetration testing I'm asking your help to explain me (with some comments) some commands used to reach the solution, expecially about the syntax and…
Zoythrus
  • 165
  • 1
  • 11
0
votes
1 answer

Why does this exploit require two separate payload injections rather than one?

I am new to binary exploitation problems. This one comes from picoctf 2019, leap-frog. The particular solution I'm interested in uses a buffer overflow on the vuln() function to force execution to return to gets' PLT entry. This is done because gets…
SuperGoA
  • 225
  • 1
  • 2
  • 9
0
votes
2 answers

Why is the code still being executed after "exit()"?

I'm doing a CTF challenge that is about insecure deserialization in PHP. The goal is to print the flag by injection code into the deserialization to execute the print_flag() function. I suspect that the webserver only prints the last line that the…
alyei
  • 43
  • 8
0
votes
0 answers

Does this code that contains system("/bin/ls") seems unbreakable?

I'm doing some ctf-like homework. It's to make a privileged program run /bin/sh. There's no source code, only works on binary assembly. The program normally pass "/bin/ls %s" (stored at 0x804868f) to snprintf with argv[1]. So the output of snprintf…
Xarath
  • 9
  • 1
0
votes
0 answers

Assembly weird inputs?

This code is from the picoCTF 2018: asm3: push ebp mov ebp,esp mov eax,0xbc xor al,al mov ah,BYTE PTR [ebp+0x9] sal ax,0x10 sub al,BYTE PTR [ebp+0xc] add ah,BYTE PTR [ebp+0xd] xor ax,WORD PTR…
Raicha
  • 120
  • 8
0
votes
2 answers

How to prevent strings to read CTF flags in C

I am creating a simple CTF in buffer overflow below is the sample code: #include void secretFunction() { printf("this is your flag!\n"); } void echo() { char buffer[20]; printf("Enter some text:\n"); printf("%s",…
Rahul
  • 1
0
votes
1 answer

decrypting RSA using c^d mod n

I'm trying to get a message out of an RSA code, but cant seem to understand how. The formula i'm trying to use to find the message is: c^d mod n. In the text file i received (which is the RSA code), i have 3 parameters: The c…
afterm3
  • 69
  • 1
  • 5
-1
votes
0 answers

No password hashes loaded in JohnTheRipper

I'm trying to crach ssh password with john, but there's an error, and I can't find the answer to solve it firstly I use ssh2john.py: python3 ssh2john.py id_rsa > id_rsa.hash then john: john --wordlist=/usr/wordlists/rockyou.txt id_rsa.hash the…
askarr
  • 1
  • 3
-1
votes
1 answer

What techniques can I use to determine the number generated by srand() in C?

How to know the secret number from srand((uint32_t)timer) where time_t timer = time(NULL) #include #include #include #include void printTerminalTime(time_t t) { char buffer[32]; struct tm* tm_info =…
Allen
  • 1
-1
votes
1 answer

How i can get this memory address in Protostar stack 5 CTF

I found this solution for solving protostar's ctf stack5 challenge. The solution works, but I can't figure out how in the stack diagram section we get the address: 0xbffff800 . I understand that NOPs have been added, but how do you get to how many…
Gabriele Pisapia
  • 111
  • 1
  • 8
-1
votes
1 answer

Decrypt message with XOR and respond over a socket

I am attempting to complete a challenge that states: We've noticed that the aliens are sending messages between their ships, we think they're using XOR to encrypt the messages, and we've intercepted a key. Set up a server listening on ("localhost",…
Benjamin
  • 1
  • 1
-1
votes
1 answer

Exact format of a open ssh private key

I've been trying to complete a CTF on HackTheBox and at some point I get a openssh private key that I can then use to connect as root through ssh. The command I use is "ssh -i id_rsa root@" by the way but I'm almost sure that's not the…
LoLo Voulzy
  • 11
  • 3
-1
votes
1 answer

How can I decrypt a RSA2 encrypted message C given only private key d and Phi(n)?

How can I decrypt a RSA encrypted message C given private key d and Phi(n)? It is known that this is a TextBook RSA, so e is small supposedly. I have gone through all the usual ways to decrypt RSA, however, it seems that there are little things I…
Kim lim
  • 19
  • 2
-1
votes
1 answer

When learning ethical web hacking, should I learn javascript, html, or both

I am learning ethical hacking, mostly with websites. I know the basics of the web but what coding language should I learn first when it comes to website hacking. I want it to help me in not only ctf but in real instances. Thank you
Tyler Morgan
  • 43
  • 7
-1
votes
1 answer

How to run a portable executable in a docker on linux system

I am working on a application to deploy challenges for ctfs. I want to include windows service type challenges, too. How can I deploy a Portable Executable file on a linux based server?
Leshna Balara
  • 1
1 2 3
10
11