@Raaquilla

RISC Intro2ctf Index

Intro

Intro2ctf is an introductory CTF event held by RISC.

All writeups will have a Hide Spoilers button that will blur any code and flags so you can read the approach without spoiling the challenge’s solution.

Intro2web

Auditing the Board

-> Writeup

There’s something fishy about that list of board members… something’s hiding there… I just know it.

Find a leaked key in the HTML

A personalised thank you

-> Writeup

Thank you for your feedback { name }

Python Flask Jinja template injection to get bash code execution

Making a Statement

-> Writeup

There’s an account with id 99999 that has made some interesting transactions. See if you can find out more.

Exploit incorrect request validation to see other people's transactions

Your feedback is not appreciated

-> Writeup

Yuri Nocashov has taken a deep interest in customer feedback, and will read all feedback forms submitted!

XSS injection to get an admin's cookie

Billionaire

-> Writeup

I wanna be a billionaire so f*cking bad / Buy all of the things I never had

Abuse poorly validated requests to get unlimited money

I am the admin now

-> Writeup

admin.php is heavily locked down, not allowing anyone to see it except for administrators! There’s definitely no way to bypass this.

SQL injection more complex than just ' OR 1=1;-- to get access to the admin panel

██████████

-> Writeup

The ██████ with ███████ has ██████ and the ███ ███ ███████. Report ID 6 is not to be ████████.

Racing a Go server to get access to a restricted file

Intro2rev

Coming soon..?