HKUST Firebird CTF Competition 2025 Writeup
Writeup
- Web
- Firebird Chan's Travel Guide
- Baby PHP
- Babier PHP
- Firebird Chan's Fanclub (First Blooded)
Background
- Starts: 11 Jan. 2025, 10:00 HKT
- Ends: 12 Jan. 2025, 22:00 HKT
Categories:
- Binary
- Reverse
- Web
- Crypto
- Forensics
- Misc
Overview
- Team: NuttyShell
- Team Solves: 19/34
- Individual Solves: 4/34
- Score: 13912
- Global Rank: 3/28
- Overall Difficulty To Me: ★★★★☆☆☆☆☆☆
What I've learned in this CTF
- Web
- Firebird Chan's Travel Guide - CVE-2023-24329
urllib.parse.urlparseparser differential - Baby PHP - PHP insecure deserialization & bypass via reference operator
- Babier PHP - PHP insecure deserialization &
__wakeupmagic method bypass - Firebird Chan's Fanclub - Multi-endpoint race conditions (First Blooded)
- Firebird Chan's Travel Guide - CVE-2023-24329