PwnMe Qualifications : “8 bits” Writeups

CTFTime event link: https://ctftime.org/event/1924

Writeups

• Web:
  1. Tree Viewer
  2. QRDoor Code (Unsolved)
  3. Beat me!
  4. Anozer Blog
  5. Nestapp (Unsolved)
• Reverse:
  1. C Stands For C
  2. Xoxor
• Forensics:
  1. kNOCk kNOCk

Background

• Starts: 05 May 2023, 23:00 UTC+2
• Ends: 08 May 2023, 02:00 UTC+2

CTF organized by Ecole 2600 students.

48 hours online qualifications (pwn, reverse, crypto, web, forensic, OSINT)

24 hours on-site final on the Ecole 2600 campus.

26,000 € cash prizes.

Back to 8-bit

Année 2600, John D. est un nostalgique. Il s’amuse à jouer sur des jeux vieux de centaines d’années pour découvrir un monde moins connecté. Mais il s’engouffre dans un jeu 8 Bits, sans pouvoir en sortir.

Categories:

• Web
• Pwn
• Other
• Osint
• Crypto
• Reverse
• Forensics

Overview

• Solves: 8/32
• Score: 518
• Rank: 128/501
• Overall Difficulty To Me: ★★★★★★☆☆☆☆

What I’ve learned in this CTF

• Web:
  1. Exploiting OS Command Injection & Bypassing Filters (Tree Viewer)
  2. QRDoor Code (Unsolved)
  3. Deobfuscating JavaScript Code & Exploiting Client-Side Game (Beat me!)
  4. Exploiting Class Pollution (Python’s Prototype Pollution) & RCE Via SSTI (Anozer Blog)
  5. Nestapp (Unsolved)
• Reverse:
  1. Using strings To Display Strings In A File & Rotating Rotated String (C Stands For C)
  2. Reversing XOR’ed Strings (Xoxor)
• Forensics:
  1. Exporting HTTP Object & Inspecting Debian Package (kNOCk kNOCk)