3kCTF-2021 | challenges

Challenges

Reversing Web Pwn Crypto Misc

telnet

500

babyrtos

500

ppaste

498

HelloWorld

498

3K_SIGNER

495

klibrary

495

stdout

495

Mokdad's Memories

495

Digital

493

Handvm

493

Password Manager

493

iterrun

490

Layers

488

Microscopic Revenge

488

Imposter

485

ASR

483

echo

478

masterc

478

p(a)wnshop

478

secure roots

475

Crackme

470

Emoji

438

SMS

435

online_compiler

425

Feedback

395

crypto warmup

353

Flags

telnet - 500pts

0 solves

I've setup my raspberry to control it remotely, i've made a secure telnet service for this purpose,
Can you help me spot any vulnerabilities ?

Mirror 1
nc telnet.2021.3k.ctf.to 8080

Mirror 2
nc telnet2.2021.3k.ctf.to 8080

Mirror 3
nc telnet3.2021.3k.ctf.to 8080

Attachment

Notes:
- DB is same on remote
- Remote is running on real ARM device, given qemu emulation in attachment is only for testing/debugging, a reliable exploit should work on both envs

Author: rekter0

Hints

1. i can union select (it's a pwning challenge, dont go crazy with requests, DB is already given with challenge files, its same on remote)

babyrtos - 500pts

0 solves

Real time operating system, what is that ?

nc babyrtos.2021.3k.ctf.to 7777

Attachment

Author: rekter0, Maher

Hints

$ strings a.out|grep 3k
3k{XXXXXXXXXXXXXXXXXX}

ppaste - 498pts

1 solves

We've launched our first bugbounty program, Our triage team is eager to hear about your findings !

Bounty Program

Check assets in scope and whether you can leak a flag

Note:
- You need account at intigriti.com to view the scope
- Submit flag here to get CTF points
- Submit a report at intigriti gets you reputation points at intigriti

Author: rekter0

Hints

1. json inconsistencies

First Blood

1. Black Bauhinia

HelloWorld - 498pts

1 solves

Can you help me fix my grandfathers TV?

Hi

Author: kaftejiman

Hints

1. Challenge is mainly reverse. It is involving a stack based VM. (website is just the interface)

2. You can use fonttools for static analysis

3. You can use fontforge for dynamic analysis

First Blood

1. Never Stop Exploiting

3K_SIGNER - 495pts

2 solves

I need UI designer ... :(

Link

Attachment

Author: dali

First Blood

1. greunion

2. Black Bauhinia

klibrary - 495pts

2 solves

Store your books safely inside the kernel!

nc klibrary.2021.3k.ctf.to 9994

Attachment

Author: Maher

First Blood

1. zer0pts

2. Kalmarunionen

stdout - 495pts

2 solves

I can't see what's happening there, but I can feel it.

nc stdout.2021.3k.ctf.to 9998

Attachment

Author: Maher

First Blood

1. zh3r0

2. zer0pts

Mokdad's Memories - 495pts

2 solves

Mokdad Shili has memories about his old hair and glasses. But his poor brain can't remember these moments.
Can you help him remember that moment?

nc mokdadkey.2021.3k.ctf.to 1777

Attachment

Author: Iy3dMejri

First Blood

1. Black Bauhinia

2. zer0pts

Digital - 493pts

3 solves

Would you check my Digital Sophisticated Algorithm ?

Attachment

Author: KOOLI

First Blood

1. Black Bauhinia

2. Kalmarunionen

3. zer0pts

Handvm - 493pts

3 solves

It's a tiny vm with 5 registers. Use this for your finger math.

nc handvm.2021.3k.ctf.to 7777

Attachment

Author: jt

First Blood

1. Never Stop Exploiting

2. zh3r0

3. M30W

Password Manager - 493pts

3 solves

Guess my password please!

NOTE: flag format is 3k{}

Attachment

Author: KERRO

First Blood

1. greunion

2. Never Stop Exploiting

3. Black Bauhinia

iterrun - 490pts

4 solves

I created a C++ program to keep my secrets safe,
all the security mitigations are enabled, don't even try to pwn it.

nc iterrun.2021.3k.ctf.to 9997

Attachment

Author: Maher

First Blood

1. zh3r0

2. M30W

3. zer0pts

Layers - 488pts

5 solves

Can you break my tiny little box?

NOTE: flag format is flag{}

Attachment

Author: KERRO

Hints

1. The binary for the reversing challenge Layers updated. THE CHANGES WON'T AFFECT THE SOLVING CHAIN NOR THE REVERSING LOGIC/PATH! Good luck.

First Blood

1. RadboudInstOfPwning

2. greunion

3. Fword

Microscopic Revenge - 488pts

5 solves

The 2021 version is here! YAY \o/

NOTE: flag format is flag{}

Attachment

Author: KERRO

First Blood

1. Never Stop Exploiting

2. greunion

3. Fword

Imposter - 485pts

6 solves

find the imposter

Challenge

Attachment

Author: dali, Iy3dMejri

First Blood

1. Black Bauhinia

2. greunion

3. zer0pts

ASR - 483pts

7 solves

nc asr.2021.3k.ctf.to 13371

Source

Author: Gehim

First Blood

1. Never Stop Exploiting

2. Black Bauhinia

3. zer0pts

echo - 478pts

9 solves

Can you pwn this 1 line syscall?
You just receive what you send to the kernel.

nc echo.2021.3k.ctf.to 9995

Attachment

Author: Maher

First Blood

1. Never Stop Exploiting

2. BirdPerson

3. Kalmarunionen

masterc - 478pts

9 solves

Threaded win? is that even a thing?

nc masterc.2021.3k.ctf.to 9999

Attachment

Author: Maher

First Blood

1. zh3r0

2. Never Stop Exploiting

3. ISITDTU

p(a)wnshop - 478pts

9 solves

pawnshop is the leading hacking tools marketplace, an important auction holding a flag is happening. We want to know if listed items are not leaked before auction ends.

Challenge

Attachment

Note:
- flag is lowercase
- .htpasswd is not meant to be bruteforced, one running in remote is different

Author: rekter0

First Blood

1. RadboudInstOfPwning

2. Black Bauhinia

3. Never Stop Exploiting

secure roots - 475pts

10 solves

nc secureroots.2021.3k.ctf.to 13371

Source

Author: Gehim

First Blood

1. Black Bauhinia

2. kasiatutej

3. 0nlyFlags

Crackme - 470pts

12 solves

Follow my PATH!

NOTE: flag format is ctf{}

Attachment

Author: KERRO, Aziz

First Blood

1. 0nlyFlags

2. Never Stop Exploiting

3. ISITDTU

Emoji - 438pts

25 solves

browse some emojis

Challenge

Attachment

Author: rekter0

First Blood

1. Never Stop Exploiting

2. ISITDTU

3. Black Bauhinia

SMS - 435pts

26 solves

Doesn't every hash follow the sms protocol (substitute-mix-shift) ? Well, I think so! Therefore, I created my own hash function.

nc sms.2021.3k.ctf.to 1337

Attachment

Author: KOOLI

First Blood

1. Black Bauhinia

2. 0nlyFlags

3. ISITDTU

online_compiler - 425pts

30 solves

Compile & run your code with the 3k online compiler. Our online compiler supports multiple programming languages like Php, Python,...

Link

Attachment

Author: dali

First Blood

1. Class3E

2. R4v3ns

3. ISITDTU

Feedback - 395pts

42 solves

Please leave your honest feedback, we value your input to improve our next editions.
Hope you had fun !

Feedback form

Author: 3k

First Blood

1. Black Bauhinia

2. HugsForBugs

3. Never Stop Exploiting

crypto warmup - 353pts

59 solves

I found this weird code. Can you tell me what it does?

Source

Author: Gehim

First Blood

1. 0nlyFlags

2. Black Bauhinia

3. ISITDTU

sponsors - 10pts

219 solves

Attachment

Author: 3k

First Blood

1. Class3E

2. 9Y0

3. zh3r0