0xL4ugh CTF 2024 Writeup

CTFTime event link: https://ctftime.org/event/2216

Writeups

• Web:
  • Micro
  • Simple WAF
  • Ghazy Corp

Background

• Starts: 09 February 2024, 13:00 UTC
• Ends: 10 February 2024, 15:00 UTC

0xL4ugh CTF 24 (Third Version) we tried to make it hard, useful and funny as much we could, most of challenges this year are based on real life cases and researches. Stay Tunned!

Categories:

• Zero Knowledge Proof
• Machines
• Mobile
• OSINT
• Desktop PT
• Reverse
• Forensics
• Crypto
• Misc
• Web
• Pwn

Overview

• Team: ARESx
• Team Solves: 22/35
• Individual Solves: 1/35
• Score: 3523
• Global Rank: 14/1427
• Overall Difficulty To Me: ★★★★★★☆☆☆☆

What I’ve learned in this CTF

• Web:
  1. HTTP Parameter Pollution (HPP) (Micro)
  2. PHP built-in function preg_match() bypass (Simple WAF)
  3. Mass Assignment vulnerability, rate limiting bypass, blind file oracle with PHP filter chains (Ghazy Corp)