The Last Frontier: decode the captured signal, map the bitstream, and recover the flag.
hardware
Challenge
318 postspwn
El Mundo
El Mundo: calculate the overflow offset, redirect control flow, and land a reliable flag read.
pwn
El Pipo
El Pipo: calculate the overflow offset, redirect control flow, and land a reliable flag read.
crypto
RsaCtfTool
RsaCtfTool: abuse the AES misuse, derive the missing key material, and decrypt the flag.
pwn
Kernel Adventures 2
Kernel Adventures 2: build the shellcode path, control execution, and read the flag.
weblocked
ScreenCrack
misclocked
Touch
misc
Bag Secured
Bag Secured: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.
hardware
Intrusion
Intrusion: decode the captured signal, map the bitstream, and recover the flag.
misc
MultiDigilingual
MultiDigilingual: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.
misc
Addition
Addition: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.
web
C.O.P
C.O.P: exploit the SQL injection, extract the needed data, and reach the flag.
crypto
CandyVault
CandyVault: model the crypto leak, recover the missing secret, and decrypt the flag.
web
Cursed Stale Policy
Cursed Stale Policy: abuse websocket to cross the web trust boundary and recover the flag.
web
DLLAMA
DLLAMA: abuse unsafe deserialization to cross the trust boundary and reach the flag.
pwnlocked
Execute
forensicslocked
Fishy HTTP
web
Gunship
Gunship: identify the broken request handling, prove control, and use it to recover the flag.
web
Jscalc
Jscalc: use path traversal to escape the intended read path and recover the flag.
web
Juggling facts
Juggling facts: identify the broken request handling, prove control, and use it to recover the flag.
web
KORP Terminal
KORP Terminal: exploit the SQL injection, extract the needed data, and reach the flag.
misc
MinMax
MinMax: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.
misc
misDIRection
misDIRection: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.
web
Neonify
Neonify: identify the broken request handling, prove control, and use it to recover the flag.
misc
Nothing Without A Cost
Nothing Without A Cost: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.
misc
Oddly Even
Oddly Even: reduce the custom rules to a scriptable check and use the smallest reliable path to the flag.
crypto
Optimus Prime
Optimus Prime: model the crypto leak, recover the missing secret, and decrypt the flag.
web
PetPet Rcbee
PetPet Rcbee: abuse file-upload to cross the web trust boundary and recover the flag.