Capture The Flag 🚩

UlisseCTF 2025 🚩 Telemetry 🌐 Overview Telemetry was a web application that allowed users to upload files (max 10), while internally logging all errors and relevant events into files located at paths like logs/username/user-uuid.txt. The application also featured a template testing endpoint, which let users check whether a given Jinja2 template from the template directory could be successfully rendered. Analysis The challenge provided a register endpoint where users were asked to supply a username and a custom log filename....

Pascal CTF Beginner 2025 Web 🌐 Static Fl@g This challenge is one of the simplest in web security, as it relies on a client-side check to reveal the actual flag. The flag is embedded in the JavaScript code of the index page, encoded in base64, making it easy to locate with a bit of inspection. Therefore there isn’t any need to create a script to solve this challenge. Biscotto Biscotto’s backend contains only two functions:...

nullCon CTF 2023 Web 🌐 TYpical Boss In this challenge, it was noticeable that if you accessed the main directory ‘/’ of the challenge’s website, the web server would render all the files and directories present on the page (including a file named database.db, which was an SQLite database). As soon as I found this file, I analyzed its contents until I discovered the hashed password of the admin. This hash (in SHA-1) started with a very famous prefix known for its vulnerabilities in PHP, namely 0e....

m0lecon CTF 2023 Beginner Web 🌐 Unguessable This challenge was the easiest in the CTF (it had more solves than the sanity check, lol). In fact, to solve it, all you had to do was understand that the website fetched the flag from an endpoint /vjfYkHzyZGJ4A7cPNutFeM/flag, and to obtain it we opened the endpoint sniffed the whole network. ... function update(res) { // the function used by the site to get the flag if (res === "wrong") { card....

TFC CTF 2023 Web 🌐 Baby Ducky Notes This challenge looked like a normal notes sharing site, but after a quick view to the source code, it was easy to find the way to read the flag. In fact the database.db file had a query to initialize the notes table with this code: query(con, f''' INSERT INTO posts ( user_id, title, content, hidden ) VALUES ( 1, 'Here is a ducky flag!...