CTF categories

Cryptography (209)
Pwn (128)
Web (107)
Machines (97)
Reversing (62)
Misc (59)
Forensics (56)
Hardware (9)
Blockchain (8)
Mobile (7)
Coding (6)
OSINT (5)
AI - ML (1)
GamePwn (1)
ICS (1)

Highlighted writeups

TrapTrack
CTF

TrapTrack

Insecure Deserialization in pickle. SSRF in Redis
Go Sweep
CTF

Go Sweep

m0leCon CTF 2025 Teaser. Go binary. PRNG. Time-based seed. Threads
Alien Saboteaur
CTF

Alien Saboteaur

Virtual machine. Custom opcode instructions. sys_ptrace. XOR cipher
SecretRezipe
CTF

SecretRezipe

ZIP compression. BREACH / CRIME attacks. Known plain text attack
baby-talk
CTF

baby-talk

DiceCTF 2024 Quals. 64-bit binary. Heap exploitation. House of Einherjar. Overlapping chunks. Tcache poisoning
Robot Factory
CTF

Robot Factory

64-bit binary. Buffer Overflow. Threads. Canary bypass. ret2libc
More

Recent CTF

Hubbub
CTF

Hubbub

Arduino reversing. Morse code
quick maffs
CTF

quick maffs

RSA. Low Exponent and Related Messages attack. Groebner basis. Brute force
Lost Modulus Again
CTF

Lost Modulus Again

RSA. Greatest Common Divisor. Franklin-Reiter related-message attack. Coppersmith’s short-pad attack
BinCrypt Breaker
CTF

BinCrypt Breaker

Reversing encryption algorithm. XOR cipher
CDNio
CTF

CDNio

Cache poisoning
More CTF

Recent HTB

Facts
HTB

Facts

Hack The Box. Linux. Easy machine. This machine has an outdated version of Camaleon CMS that is vulnerable to Local File Read. With this vulnerability we can read the private SSH key of a user, crack the passphrase and access the machine. Then, this user has sudo permissions to run command facter as root, which can be used to escalate privileges using a Ruby script
Interpreter
HTB

Interpreter

Hack The Box. Linux. Medium machine. This machine has a Mirth Connect instance that is vulnerable to Unauthenticated Remote Code Execution. After getting a reverse shell, we can find a database credentials and a hashed password inside. We must analyze how the hash is generated in order to crack it. Once we have the password, we can access via SSH and find out an internal webserver running as root that has a code injection vullnerability in Python due to eval and f-strings, which allows us to escalate to root
Eighteen
HTB

Eighteen

Hack The Box. Windows. Easy machine. In this assumed-breach machine we have credentials for an exposed MSSQL service where we can impersonate another user and find a hashed password for the website hosted by the machine. This hash can be cracked to find a password. After enumerating users by brute forcing RIDs in MSSQL, we find that it is reused by a domain user and we get access via WinRM. There is a bad ACL configured to group IT and we can use BadSuccessor to escalate privileges, after configuring a SOCKS proxy to access required AD services
Dog
HTB

Dog

Hack The Box. Linux. Easy machine. This machine hosts a CMS that exposes a Git repository. Once we dump the repository, we can find a username and a database password that can be reused to log in as administrator of the CMS. Here, we can install a new module to execute a PHP web shell and get a reverse shell on the machine. Although there are hashed passwords on the database, the same password can be reused for a system user. Finally, we are allowed to run bee as root using sudo, which will let us escalate privileges by running arbitrary PHP code
Titanic
HTB

Titanic

Hack The Box. Linux. Easy machine. This machine has a Local File Read vulnerability where we can read sensitive files. There is a Gitea instance with some repositories and a Docker configuration that shows how Gitea files are shared in a volume mount. So, we can find hashed passwords on the Gitea SQLite database and crack them. With this, we gain access via SSH reusing credentials. After that, we find a script running as root using a vulnerable version of ImageMagick where we can perform a library hijacking to get arbitrary code execution, as root
More HTB

Recent IMC

IMC

IMC 2021, Problem 1

Let be a real matrix such that .
  1. Prove that there is a unique real matrix that satisfies the equation
  2. Express in terms of .
IMC

IMC 2020, Problem 5

Find all twice continuously differentiable functions satisfying for all .
IMC

IMC 2020, Problem 2

Let and be real matrices such that where is the identity matrix. Prove that
IMC

IMC 2020, Problem 1

Let be a positive integer. Compute the number of words (finite sequences of letters) that satisfy the following three properties:
  1. consists of letters, all of them are from the alphabet .
  2. contains an even number of letters .
  3. contains an even number of letters .
(For example, for , there are 6 such words: , , , , and )
More IMC