bi0sCTF 2024 Writeup

CTFTime event link: https://ctftime.org/event/2117

Writeup

• Web Exploitation:
  1. required notes

Background

• Starts: 24 February 2024, 12:00 UTC
• Ends: 26 February 2024, 00:00 UTC

Team bi0s invites you to our prestigious bi0sCTF 2024, a premier hacking event designed for hackers of all generations. We are dedicated to crafting challenges that incorporate the latest vulnerabilities, responsibly pushing the boundaries of innovation to ensure a delightful and enriching experience for all participants.

Categories:

• Pwn
• Web Exploitation
• Forensics
• Cryptography
• Misc
• Reverse Engineering

Overview

• Team: ARESx
• Team Solves: 9/38
• Individual Solves: 2/38
• Score: 3397
• Global Rank: 23/294
• Overall Difficulty To Me: ★★★★★★★★☆☆

What I’ve learned in this CTF

• Web Exploitation:
  1. required notes (Server-Side Prototype Pollution in protobuf.js (CVE-2023-36665), brute forcing with error-based oracle)