This weekend, I participated in NCTF. This was a beginner CTF, and it was good both as a morale boost, particularly as other research wades into unexplored territory, and as a refresher on basic skills. It is always a delight to taste a few fleeting moments of focus, against the lifeless static of life.
For completeness, I will present some of the challenges solved below:
Elecduino
This challenge was presented as a link to a Tinkercad project. The Tinkercad website presents a particularly chaotic Arduino Uno setup:
I’m not really sure what this is intended to do, but the code gives away the game – this is some manner of bit-banging on pins 12, 10 and 4. We can create a C stub, replacing the GPIO activations with printfs, depending on the pin number activated.
This quickly bears fruit, revealing a short binary-encoded flag:
A little bit of wrangling with the flag format later, and the flag is ours.
python_jail
This challenge was presented as a host/port combination. On connecting, we are presented with the source code to a challenge:
This is a reasonably “light” jail (but a refreshingly Python3 one): only a few keywords are blocked. We can easily escape this, with the following payload:
To break this down a bit, we first use the Python “__builtins__” global (and for future reference, if __builtins__ is destroyed, try reload(__builtins__)). __builtins__ doesn’t allow us to directly subscript a member, but we do this with __dir__, allowing us to get the exec function.
Once this is done, we exec a small secondary payload to import os, and then run shell commands – all the while taking care to avoid the blacklisted keywords in the challenge, giving us the flag.
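An added example, not from the original post or the challenge source: a constructed substring blacklist next to an AST allowlist, showing that input which only touches __builtins__ and __dir__ passes the keyword check while a parser-based check rejects it. The keyword list, function names and sample inputs are assumptions made for illustration.

```python
import ast

# Constructed stand-in for the challenge's filter (the real list is not shown here).
BLOCKED_KEYWORDS = ("import", "exec", "eval", "os", "open", "system")

def keyword_filter_allows(src: str) -> bool:
    """Substring blacklist: the style of check a 'light' jail relies on."""
    return not any(word in src for word in BLOCKED_KEYWORDS)

# Node types an arithmetic-only sandbox needs; everything else is rejected.
ALLOWED_NODES = (
    ast.Expression, ast.BinOp, ast.UnaryOp, ast.Constant,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.Mod,
    ast.USub, ast.UAdd,
)

def ast_allowlist_allows(src: str) -> bool:
    """Parse the input and accept only numeric arithmetic.

    Names, attribute access, subscripts and calls are absent from the
    allowlist, so reaching __builtins__ or __dir__ fails however it is spelled.
    """
    try:
        tree = ast.parse(src, mode="eval")
    except SyntaxError:
        return False
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            return False
        if isinstance(node, ast.Constant) and not isinstance(node.value, (int, float)):
            return False
    return True

# Constructed inputs: one benign, one that only enumerates builtins via __dir__,
# one that names a blocked keyword outright.
SAMPLES = ["2 * (3 + 4)", "__builtins__.__dir__()", "exec('1')"]

def compare(samples=SAMPLES):
    """Return (input, keyword verdict, AST verdict) for each sample."""
    return [(s, keyword_filter_allows(s), ast_allowlist_allows(s)) for s in samples]

if __name__ == "__main__":
    for src, kw_ok, ast_ok in compare():
        print(f"{src!r:28} keyword_filter={kw_ok!s:5} ast_allowlist={ast_ok}")
```

The second sample is the case that matters: no blocked word appears in it, so the blacklist lets it through, while the allowlist rejects it because it contains a name, an attribute access and a call.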
Thank you to the NCTF team for organising this event; I benefited from it. Condolences on the unexpected downtime halfway, and best wishes on any future events you organize. See you all in the Pwn2Win CTF next weekend.