Intro

Intro2ctf is an introductory CTF event held by RISC.

All writeups will have a Hide Spoilers button that will blur any code and flags so you can read the approach without spoiling the challenge’s solution.

Intro2web

Auditing the Board

-> Writeup

There’s something fishy about that list of board members… something’s hiding there… I just know it.

Find a leaked key in the HTML

A personalised thank you

-> Writeup

Thank you for your feedback { name }

Python Flask Jinja template injection to get bash code execution

Making a Statement

-> Writeup

There’s an account with id 99999 that has made some interesting transactions. See if you can find out more.

Exploit incorrect request validation to see other peoples transactions

Your feedback is not appreciated

-> Writeup

Yuri Nocashov has taken a deep interest in customer feedback, and will read all feedback forms submitted!

XSS Injection to get an admins cookie

Billionaire

-> Writeup

I wanna be a billionaire so f*cking bad / Buy all of the things I never had

Abuse poorly validated requests to get unlimited money

I am the admin now

-> Writeup

admin.php is heavily locked down, not allowing anyone to see it except for administrators! There’s definitely no way to bypass this.

SQL injection more complex than just ' OR 1=1;-- to get access to the admin panel

██████████

-> Writeup

The ██████ with ███████ has ██████ and the ███ ███ ███████. Report ID 6 is not to be ████████.

Racing a go server to get access to a restricted file

Intro2rev

Generally when I refer to decompiling, I am using IDA, aka Hex-Rays, often through the dogbolt Decompiler Explorer.

Gatekeeper

-> Writeup

What password makes the program print “you got it!”?

Decompilation to get a plaintext password

No Peeking

-> Writeup

Mwuahahahaha You fool! I’ve thwarted your simple tricks like gdb! It is nigh impossible to recover the password now!!!

Brute force a simple decompiled algorithm

Crack Me V1

-> Writeup

EvilCorp has made a ISO-9001 SOC2(Type II) GDPR AI-Guard Anti-tamper software license tool! Can you find a serial that cracks it?

Reversing a decompiled encryption algorithm

Win32FakeAgent

-> Writeup

Very legit batch script.

Deobfuscating a batch script

Crack Me V2

-> Writeup

EvilCorp has upgraded their license validator! It’s now AI powered quantum resistant dark blockchain infused!

V1 but + 1

Script Kiddie

-> Writeup

How bad could a harmless python script be?

Obfuscated python script

Totally Not Malware

-> Writeup

This definitely isn’t malware :)

This time decompiling doesnt quite work.