Stack Overflow
Stack Overflow

Questions tagged [ctf]

In a computer hacking context, a Capture The Flag (CTF) challenge invites participants to extract a hidden piece of information called a "flag" (usually a short string of ASCII text) from vulnerable online systems or downloadable files through the application of skills in various fields such as cryptography, steganography and reverse engineering. Typically this involves bypassing poorly-implemented security measures.

In a computer hacking context, a Capture The Flag (CTF) challenge invites participants to extract a hidden piece of information called a "flag" (usually a short string of ASCII text) from vulnerable online systems or downloadable files through the application of skills in various fields such as , and . Typically this involves bypassing poorly-implemented security measures.

162 questions
0
votes
0 answers

Union sql injection from this code snipet

Hello I am currently working on a ctf and I ran into some issues getting responses from the sql database. The hint that was given to me is this php code snippet along with this is vulnerable to UNION select injection. I have tried all these options…
Justin Andorfer
  • 1
0
votes
2 answers

Trying to send string variable via Python socket

I'm in a CTF competition and I'm stuck on a challenge where I have to retrieve a string from a socket, reverse it and get it back. The string changes too fast to do it manually. I'm able to get the string and reverse it but am failing at sending it…
Jodi Rehlander
  • 17
  • 6
0
votes
1 answer

The web type ctf problem includes node and python

I am playing with the web type of ctf Questions are as follows &1`; $python = @`python3…
0xbe61a55f
  • 3
  • 3
0
votes
0 answers

What can be exploited here?

I'm doing this exercise on ROP and I'm given a stripped binary that when disassembled with ghidra gives void secret(long num,char *str){ if(num == 1){ pass = strcmp(str, "Hewhewbrew") if(pass == 0){ puts("you win!") } } } void…
Cheesewaffle
  • 45
  • 4
0
votes
1 answer

overflow with unprintable characters

Iḿ doing this overflow exercise and the memory address I'm trying to access by overflow is 0x6010e0, the problem is, Iḿ having a hard time inputting this to the program. I've tried python -c 'print("a"*32 + "\xe0\x10\x60")' > test.txt then in…
bruhbruhman
  • 1
0
votes
1 answer

In a C program, does return address of a function frame point to the .text section?

I'm attempting to do a small ctf, and I'm trying to overflow the return address to inject shellcode. I expected the return address to be a very low one since it should point to the instruction (hence i assumed the .text segment). Using format string…
Nikolai Savulkin
  • 697
  • 5
  • 12
0
votes
1 answer

PicoCTF Python Wrangling Challenge import error

When attempting the PicoCTF Python Wrangling Challenge linked below, I get an error when attempting any of the commands in the python general commands menu. https://play.picoctf.org/practice/challenge/166 The error is: Traceback (most recent call…
Alex D
  • 3
  • 2
0
votes
1 answer

Can't understant instruction strcmp() in this code

I have some problem understanding a code. Can you please help me to understand this line of code : strcmp("admin",*(char **)(users + (long)local_24 * 0x10 + 8)); Full code : void test(void){ int iVar1; long in_FS_OFFSET; int local_24; …
som-gif
  • 1
  • 1
0
votes
0 answers

How to unscape bytecode which contains strings

I m new to reverse engineering and I was solving a CTF, I did find the byte code but it seems like I should sanitize it(it contains some strings), and unescape it properly. Here is a chunk of the byte…
simon
  • 1
0
votes
1 answer

Why do TextError exceptions not function properly in this code?

The code below output's "Do not divide by zero, that is forbidden" fine when the user inputs zero, however if a sentence or characters are entered it returns a ValueError. The error is as follows: Traceback (most recent call last): File…
gurobot
  • 3
  • 3
0
votes
0 answers

Why local variable addresses are different by which program started it?

I ran into a confusion about memory address issue during my experiment to practice CTF pwn questions. I tried to find the start pointer address of a local array variable to insert shellcode with Radare2. But the obtained pointer address was…
kyasbal
  • 1,132
  • 3
  • 12
  • 27
0
votes
0 answers

PicoCTF PW Crack 3

I`m having a problem with this challenge. I have tried every password that is in level3.py file. I have edited level3.py file to print my password hashed and hashed password that is compared to. And the results are very interesting, I don't know how…
krismans
  • 88
  • 9
0
votes
0 answers

Use send() functions to send numbers to __isoc99_scanf("%d", &number)

I am trying to solve a pwn problem in a ctf platform. The program only uses scanf() to get index and content of a number array from standard input: for ( i = 0; i <= 3; ++i ) { puts("enter index:"); __isoc99_scanf("%d",…
Non
  • 11
  • 4
0
votes
0 answers

Reading exif data of .txt files

Our university organizes a CTF competition every year. This year in the field of forensics, the task was to find the metadata hidden in the .txt file. exiftool, which I usually use did not return any results. Does anyone have any suggesstion of…
Jan Zajc
  • 37
  • 6
0
votes
0 answers

use python2 script as EXEC parameter of socat

I'm trying to deploy a CTF challenge. so i have the following entrypoint.sh file: #!/bin/bash socat -dd -T60 TCP-LISTEN:9002,reuseaddr,fork,su=game EXEC:/home/game/game.py,stderr however when i build the docker image and run i get the following…
Scorpion197
  • 1
1 2 3
10 11