Questions tagged [ctf]

In a computer hacking context, a Capture The Flag (CTF) challenge invites participants to extract a hidden piece of information called a "flag" (usually a short string of ASCII text) from vulnerable online systems or downloadable files through the application of skills in various fields such as cryptography, steganography and reverse engineering. Typically this involves bypassing poorly-implemented security measures.

162 questions
0 votes, 1 answer

How to test and exploit LFI vulnerabilities

I am looking for removing false positives while testing LFI vulnerabilities using automatic scanners like LFISuite. Any tools and tips that we can use to test for LFI vulnerabilities in endpoints…
Mayank Agarwal
0 votes, 3 answers

How to convert Python binary to ASCII

I have a binary string encrypted with this (s is the binary string): res = ''.join(format(ord(i), 'b') for i in s) How do I decrypt it? I tried the following but then the string is empty? for i in s: res += chr(int(str(i),2)) …
Sk1ppy
0 votes, 1 answer

Python run exe from memory

exe = requests.get(url).content run_exe = subprocess.run(exe, shell=True, stdout=subprocess.PIPE,stderr=subprocess.STDOUT).stdout.read() print(run_exe.stdout.decode(encoding='utf-8', errors='ignore')) So I know that it is not that simple to execute…
Black Snufkin
0 votes, 0 answers

How to recover RSA messages if they are padded with spaces?

I have a message m="hunter". Let's say we pad it with 2 spaces from the left, making the final message m_dash=" hunter". We are given c where c=pow(bytes_to_long(m_dash), 3, n) and n (1024 bit). n is too big to be factorised and therefore we…
0 votes, 1 answer

Very Lost: Flack and NYU Osiris Challenges

I am going through some CTF challenges at https://recruit.osiris.cyber.nyu.edu/challenges. I got to one for Template Programming where the task is to "Read /flag.txt from the server. http://recruit.osiris.cyber.nyu.edu:2000" I am not asking for a…
0 votes, 1 answer

How to solve PWN challenge?

I am very new to PWN and have very little idea how to solve PWN problems. Recently, I came across a Capture The Flag (CTF) challenge, where I found a pwn to find out the flag. I am using Linux-Ubuntu -16.04. Below program is a PWN program running on…
asoni94
0 votes, 0 answers

Unable to connect to DVWA

My Error: I've been trying to connect to DVWA but it doesn't seem to be working, my settings are fine I think. SS for my settings. I'm using MySQL and php5.6. The password for the root user is blank (I've checked it by connecting to DB). Please…
hakiki_makato
0 votes, 1 answer

Why the address of buf is 0x12 instead of 10?

My code is as follows: #include #include void myread () { char s[10]; read(0, s, 100); } void getshell () { system("/bin/bash"); } int main () { myread(); return 0; } I compiled the code and used ida…
wangyong
0 votes, 1 answer

MariaDB gives me an error that says 'WHERE '1'='1'' in a ctf

I'm going through the beginner HackerOne CTFs and I'm trying to crack the Micro-CMS v2. There is a login page that is vulnerable to an SQL injection. The query goes like this: 'SELECT password FROM admins WHERE username=\'%s\'' %…
0 votes, 0 answers

Where does fread get stored in the stack?

I have a small doubt, I'm doing a CTF that provides me only the ELF file. I have been able, using Ghidra, to decompile it, but here is the problem: at a certain point I read: fread(flag,0x400,1,__stream); (before there was : __stream =…
Jrghen
0 votes, 0 answers

Using a different libc (32) when executing a binary on a 64 bit machine (Ubuntu 20.04)

I am trying to execute a 32bit binary and use a custom libc with it. So, I used LD_PRELOAD environment variable to set the path. export LD_PRELOAD='./libc.so.6' After this, a simple ls shows this error - ERROR: ld.so: object './libc.so.6' from…
Saurabh
0 votes, 1 answer

Explanation of codeline in php for ctf

Guys, I was learning to solve a CTF and saw this line in PHP: ${"result$i"} = $db->query("SELECT * FROM {$tables[$i]} " . ($order != '' ? "ORDER BY ".$db->escape_string($order)." " : "")); This is in a for loop with $i as incrementer, So what is didnt…
ElementX
0 votes, 1 answer

wrong user and password in C code reverse engineering

I have this piece of code from a binary file that asks for user and password, I managed to find the user "mari" and the password "luig" but it says wrong userName here is the code : undefined8 main(void) { int iVar1; undefined4 local_96; …
0 votes, 0 answers

How to inject Shellcode in function pointer in C?

I am a Shellcode beginner and I started some CTFs. But I am stuck at the most basic exercise. Let's say I have a program. This program gives me the pointer address of execve : 0x8048450 Let's say there is a char array "\bin\sh" of which I also have…
Red
0 votes, 0 answers

CTF php is there a way to know what is this variable?

Is there a way to bypass !== or a way to know what is in $salt? Or the solution is different in the below CTF? Note: we don't know what is $salt so I guess MD5 collision is not possible. $second = $_GET['second_flag']; $third =…
Edit316