Link: https://dctf.dragonsec.si/
CTFtime: https://ctftime.org/event/1569
Results
- Place: 7th
- CTF Points: 32000
I touched my keyfob for free bubblegum and they stole my flag :( Files: keyfob.trace. What’s going on? We have keyfob.trace, which is a log file. First, we saw an RFID challenge tag, and we understood what was going on: RFID (radio frequency identification) is a form of wireless communication that incorporates the use of electromagnetic or electrostatic coupling in the radio frequency portion of the electromagnetic spectrum to uniquely identify an object, animal or person....
The Bookstore.java challenge stated that: Web developer left the company because he was not being paid. He left some hidden features for him, to bypass security. Can you find the vulnerability? http://book-store.dragonsec.si And gave us a book_store.jar file. The Log4Book: If we open the JAR file with a decompiler (like JD-GUI) we can see that there is a vulnerability in the log analyzer. Pattern pattern2 = Pattern.compile("get\\{.*\\}salt=" + System.getenv("SALT")); Matcher matcher2 = pattern2....
This is Codechain’s older brother, Codechainz What’s going on? This is what we get if we run the program: Hey, this is an epic memory saver. #saved Because of COVID-19 restrictions, we can only do memory saving of programming languages. We apologize for the inconvenience. Preparing the memory space... Memory space is ready for storing data. DISCLAIMER: All your memories will be saved at 0x7fd43dc5f000. Here are your options. Choose one: 1 Make a new memory 2 View a memory 3 Delete a memory 4 Exit > Apparently it leaks an address and allows us to make, view and delete a memory (which should be saved at the aforementioned address)....
Someone who doesn’t care about bandwidth usage decided to package both the server and client binaries in a single file… The server of course is meant to run on linux, and the client on Windows. We get a PowerShell file eulers_license.ps1 that contains: a binary_linux variable containing the server code encoded in base64, and a binary_win variable containing the client code, also encoded in base64. The Linux binary: The Linux binary is very easy to reverse....
The flag is in format dctf{7_4_2_3_7_4} where numbers represent number of characters between underscores. For clarification: you will get the whole flag as a result, including the dctf{} part. Files: cfg.zip. What’s going on? We have cfg.zip, which contains 2134 folders. An example of the structure is shown below: [image not available] Some folders contain only subfolders. The subfolder names are not random: each subfolder has the same name as a folder from the upper layer....
In this challenge we were given a Python jail (with source code) where all __builtins__ were removed apart from print, exec, int, type, insert missing and the code was executed in an exec with a modified context. There was also a filter on ', ", + and all __xxx__ apart from __closure__, __code__, __doc__ and insert missing. In order to create strings we abused already existing strings taken from the __doc__ of accessible builtins such as int....