telnet
500
babyrtos
500
ppaste
498
HelloWorld
498
3K_SIGNER
495
klibrary
495
stdout
495
Mokdad's Memories
495
Digital
493
Handvm
493
Password Manager
493
iterrun
490
Layers
488
Microscopic Revenge
488
Imposter
485
ASR
483
echo
478
masterc
478
p(a)wnshop
478
secure roots
475
Crackme
470
Emoji
438
SMS
435
online_compiler
425
Feedback
395
crypto warmup
353
sponsors
10
I've set up my Raspberry to control it remotely, and I've made a secure telnet service for this purpose.
Can you help me spot any vulnerabilities?
Mirror 1
nc telnet.2021.3k.ctf.to 8080
Mirror 2
nc telnet2.2021.3k.ctf.to 8080
Mirror 3
nc telnet3.2021.3k.ctf.to 8080
Attachment
Notes:
- DB is same on remote
- Remote is running on a real ARM device; the QEMU emulation given in the attachment is only for testing/debugging. A reliable exploit should work on both envs.
1. I can union select (it's a pwning challenge, don't go crazy with requests; the DB is already given with the challenge files, it's the same on remote)
Real time operating system, what is that ?
nc babyrtos.2021.3k.ctf.to 7777
Attachment
1. $ strings a.out|grep 3k
3k{XXXXXXXXXXXXXXXXXX}
We've launched our first bug bounty program. Our triage team is eager to hear about your findings!
Bounty Program
Check assets in scope and whether you can leak a flag
Note:
- You need an account at intigriti.com to view the scope
- Submit the flag here to get CTF points
- Submitting a report at Intigriti gets you reputation points at Intigriti
1. JSON inconsistencies
1. Black Bauhinia
Can you help me fix my grandfather's TV?
Hi
1. The challenge is mainly reversing. It involves a stack-based VM.
(The website is just the interface.)
2. You can use fonttools for static analysis
3. You can use fontforge for dynamic analysis
1. Never Stop Exploiting
I need UI designer ... :(
Link
Attachment
1. greunion
2. Black Bauhinia
Store your books safely inside the kernel!
nc klibrary.2021.3k.ctf.to 9994
Attachment
1. zer0pts
2. Kalmarunionen
I can't see what's happening there, but I can feel it.
nc stdout.2021.3k.ctf.to 9998
Attachment
1. zh3r0
2. zer0pts
Mokdad Shili has memories about his old hair and glasses. But his poor brain can't remember these moments.
Can you help him remember that moment?
nc mokdadkey.2021.3k.ctf.to 1777
Attachment
1. Black Bauhinia
2. zer0pts
Would you check my Digital Sophisticated Algorithm ?
Attachment
1. Black Bauhinia
2. Kalmarunionen
3. zer0pts
It's a tiny vm with 5 registers. Use this for your finger math.
nc handvm.2021.3k.ctf.to 7777
Attachment
1. Never Stop Exploiting
2. zh3r0
3. M30W
Guess my password please!
NOTE: flag format is 3k{}
Attachment
1. greunion
2. Never Stop Exploiting
3. Black Bauhinia
I created a C++ program to keep my secrets safe,
all the security mitigations are enabled, don't even try to pwn it.
nc iterrun.2021.3k.ctf.to 9997
Attachment
1. zh3r0
2. M30W
3. zer0pts
Can you break my tiny little box?
NOTE: flag format is flag{}
Attachment
1. The binary for the reversing challenge Layers has been updated. THE CHANGES WON'T AFFECT THE SOLVING CHAIN NOR THE REVERSING LOGIC/PATH! Good luck.
1. RadboudInstOfPwning
2. greunion
3. Fword
The 2021 version is here! YAY \o/
NOTE: flag format is flag{}
Attachment
1. Never Stop Exploiting
2. greunion
3. Fword
find the imposter
Challenge
Attachment
1. Black Bauhinia
2. greunion
3. zer0pts
nc asr.2021.3k.ctf.to 13371
Source
1. Never Stop Exploiting
2. Black Bauhinia
3. zer0pts
Can you pwn this 1 line syscall?
You just receive what you send to the kernel.
nc echo.2021.3k.ctf.to 9995
Attachment
1. Never Stop Exploiting
2. BirdPerson
3. Kalmarunionen
Threaded win? is that even a thing?
nc masterc.2021.3k.ctf.to 9999
Attachment
1. zh3r0
2. Never Stop Exploiting
3. ISITDTU
pawnshop is the leading hacking tools marketplace, an important auction holding a flag is happening. We want to know if listed items are not leaked before auction ends.
Challenge
Attachment
Note:
- flag is lowercase
- .htpasswd is not meant to be bruteforced, one running in remote is different
1. RadboudInstOfPwning
2. Black Bauhinia
3. Never Stop Exploiting
nc secureroots.2021.3k.ctf.to 13371
Source
1. Black Bauhinia
2. kasiatutej
3. 0nlyFlags
Follow my PATH!
NOTE: flag format is ctf{}
Attachment
1. 0nlyFlags
2. Never Stop Exploiting
3. ISITDTU
browse some emojis
Challenge
Attachment
1. Never Stop Exploiting
2. ISITDTU
3. Black Bauhinia
Doesn't every hash follow the SMS protocol (substitute-mix-shift)? Well, I think so! Therefore, I created my own hash function.
nc sms.2021.3k.ctf.to 1337
Attachment
1. Black Bauhinia
2. 0nlyFlags
3. ISITDTU
Compile & run your code with the 3k online compiler. Our online compiler supports multiple programming languages like PHP, Python,...
Link
Attachment
1. Class3E
2. R4v3ns
3. ISITDTU
Please leave your honest feedback; we value your input to improve our next editions.
Hope you had fun!
Feedback form
1. Black Bauhinia
2. HugsForBugs
3. Never Stop Exploiting
I found this weird code. Can you tell me what it does?
Source
1. 0nlyFlags
2. Black Bauhinia
3. ISITDTU