LA CTF 2025 Writeup

CTFTime event link: https://ctftime.org/event/2592

Writeup

• Web
  1. plinko
  2. arclbroth
  3. gigachessbased (Not solved)

Background

• Starts: 08 Feb. 2025, 04:00 UTC
• Ends: 09 Feb. 2025, 22:00 UTC

LA CTF is an annual Capture the Flag (CTF) cybersecurity competition hosted by ACM Cyber at UCLA & Psi Beta Rho. LA CTF is open to all skill levels of cybersecurity! Whether you are tackling your first exploit or have professional experience, there will be challenges just right for you! There will be a variety of events ranging from the competition containing jeopardy-style cybersecurity challenges to talks from UCLA professors to fun events such as meme competitions! If you are interested in attending, join the Discord to stay up to date with the latest information about LA CTF!

Categories:

• crypto
• misc
• pwn
• rev
• web
• welcome

Overview

• Team: Black Bauhinia
• Team Solves: 36/55
• Individual Solves: 2/55
• Score: 9623
• Global Rank: 14/933
• Overall Difficulty To Me: ★★★★★☆☆☆☆☆

What I've learned in this CTF

• Web
  1. plinko - Web game hacking and manipulating WebSocket messages
  2. arclbroth - Authentication bypass via null-terminated string in Node.JS Foreign Function Interface (FFI)
  3. gigachessbased - XS-Leaks via abusing connection pool limit (Not solved)