Stack Overflow
Stack Overflow

Questions tagged [ctf]

In a computer hacking context, a Capture The Flag (CTF) challenge invites participants to extract a hidden piece of information called a "flag" (usually a short string of ASCII text) from vulnerable online systems or downloadable files through the application of skills in various fields such as cryptography, steganography and reverse engineering. Typically this involves bypassing poorly-implemented security measures.

In a computer hacking context, a Capture The Flag (CTF) challenge invites participants to extract a hidden piece of information called a "flag" (usually a short string of ASCII text) from vulnerable online systems or downloadable files through the application of skills in various fields such as , and . Typically this involves bypassing poorly-implemented security measures.

162 questions
0
votes
2 answers

Why does my for loop run indefinitely and doesn't stop when the if condition is met?

I'm trying to read text from a file and using a loop to find a specific text from the file. The data in the file is listed vertically word by word. When I run the script, after it prints the last word in the file it repeats itself from the beginning…
AppleCider
  • 39
  • 4
0
votes
1 answer

Buffer Overflow in C with strtol

I'm trying to get the following C program to execute the win function by making use of a buffer overflow, however, I'm completely stuck as I cannot figure out the correct input. In this challenge, I was given a compiled executable and the below code…
goatw
  • 55
  • 7
0
votes
1 answer

python2 using pickle to run arbitrary code and returning a dictionary

I am doing a CTF where a pickle string which encodes a dictionary is sent to a server. I'm pretty sure I'm supposed to alter the pickle in such way that the pickle will run arbitrary code to get the flag. Some searching lead me to this pickle, which…
Ariel Yael
  • 361
  • 2
  • 10
0
votes
2 answers

Data hidden in jpg

I am currently looking for hidden data in a jpg file but I have no clue on how to operate. There is a jpg file containing text in a format I have never seen before : -ne…
ymz
  • 1
0
votes
1 answer

Couldn't figure out how the payload worked

I was solving one of TryHackMe's rooms about SQL injection.But I couldn't figured out one thing that came to my mind and after spending lots of time I thought it's best to ask that question here. In the room there is a machine to deploy, after…
BooRuleDie
  • 55
  • 5
0
votes
1 answer

Python ctypes time(0) and C time(0)

So i was doing the 2019 picoCTF binary challenge seed-sPRiNG where i got this write up with this code: #include #include #include int main () { int i; srand(time(0)); for (i = 0; i < 30;…
Winter
  • 1
  • 1
0
votes
0 answers

Capture the flag (CTF) with HTTP cookies

I'm trying to get past this CTF challenge. Here is the clue: The challenge here to steal someone else's cookies from a different website. The value of that cookie is your password. You are using a chat application with Bob wherein you send and…
Diego Lopez
  • 1
  • 1
  • 1
0
votes
1 answer

How can I check a socket from a webserver?

Im doing a challenge (CTF style) and everyting we got is an IP. Scanning that IP only one port is open. If I connect to that IP and port using netcat, I got a kind of "dance" doing in CMD, with a message at the end that says "Check socket 12345". I…
Underd0g
  • 57
  • 1
  • 4
0
votes
1 answer

How to send binary payload via netcat in a pwn attack

On connecting to the exploit server via netcat, the server prompts for input. I have crafted my payload in the binary file payload, how can I send it to the server. I've tried cat payload | nc ... but it doesn't work.
McXD
  • 27
  • 1
  • 8
0
votes
0 answers

SQL Injection returns injected code as it is

I'm trying to beat this CTF: a website under construction that has a simple login page where you can login or register a new user. It uses node express and a SQLite DB. Analyzing the source code I found this query: getUser(username){ return…
Fabio R.
  • 393
  • 3
  • 15
0
votes
1 answer

nodejs: timing attack on "=="

Recently I came past this write up of a CTF on hackerone. In this writeup part of completing the challenge was to perform a timing attack. It spiked my interest and I wanted to create a webite that would be prone to a timing attack. To do this I…
Mr Krisey
  • 109
  • 2
  • 10
0
votes
1 answer

Possible to find path of file on a website?

I joined a small ctf challenge and one of the challenges is that, given a webserver with a file on it, now you have to find the file on the server. The only thing that is given to you is, the url and the filename (flag.txt). I tried brute forcing…
Tazben
  • 3
  • 1
0
votes
0 answers

Does asynchronous functions parallelize operations in NodeJS?

In my school's assignment I've been tasked to bruteforce a SHA1 hash in order to find the key. We're provided with the flag (in SHA1), a password (in SHA1) and they told us that the key was [AAAAAA-ZZZZZZ]. The flag was in the format of…
CXY
  • 33
  • 8
0
votes
1 answer

Why there is a SytaxError when pushing an exec() function into an input()

There is a netcat CTF task where it is needed to get the flag via an RCE (the most simple and obvious variant for me is exec()) Python 2.7.18 (default, Apr 28 2021, 17:39:59) [GCC 10.2.1 20210110] on linux2 >>> print input() pow(2, 3) # No problems…
Genken
  • 23
  • 5
0
votes
0 answers

"if .. else" statement not working for capture the flag challenge

I am trying to set up a c capture the flag challenge but I cannot get the if statement to work. I have a text file with the following line in it: flag{alm0st_th3r3} This checks against my character phrase which is the same so should print out the…
Kartibok
  • 65
  • 7
1 2 3
10 11