# gCTF 2023 | LATIZA

This document contains some notes about how we solved some of the problems. The idea is to write down the process of getting to each solution rather than just describing the solutions. The hardest part for beginners is going from 0 to 1. The main goal is that everyone on the team can be on the same page about the resources and tools used.

The source code of this document is in [this repository](https://git.o-for.net/marx/gctf-2023-retro).

## tools

Main tools used during the competition.

**nc**

The [netcat](https://en.wikipedia.org/wiki/Netcat) command is available on Unix. It is used to connect to remote services. In this case, several challenges are hosted on a server, and you have to interact with the server to get the flag.

```
nc wfw1.2023.ctfcompetition.com 1337
```

**pwntools**

[pwntools](https://github.com/Gallopsled/pwntools#readme) is a Python library with several useful primitives for CTFs. In particular, we used it as a programmatic replacement for `nc`.

```python
from pwn import *
# Open a TCP connection to the challenge server (same host and port as the nc example)
r = remote('wfw1.2023.ctfcompetition.com', 1337)
# pwntools tubes work on bytes, so send a bytes literal
r.sendline(b'hello')
# Read one line of the server's response
r.recvline()
```

This way, it is easier to automate the interaction with the server.

**Decompiler**

[Ghidra](https://github.com/NationalSecurityAgency/ghidra) Great tool to decompile binaries. You get some pseudo-C code. Pictures of some problems.

I've read in the general gctf discord about some alternatives that I haven't tried:

- [Radare2](https://rada.re/n/)
- [IDA](https://hex-rays.com/ida-pro/) This one seems very good but is not free.
- [Binary Ninja](https://binary.ninja/)

**Debugger**

[gdb](https://www.sourceware.org/gdb/)

- [pwndbg](https://github.com/pwndbg/pwndbg) `is a GDB plug-in that makes debugging with GDB suck less` This one works great.

**Solver**

- [Z3](https://github.com/Z3Prover/z3) is a powerful theorem prover. You can think about it like an SAT solver on steroids.
- What was the other alternative mentioned by @alex for C++ symbolic execution?

**Other UNIX tools**

- readelf
- strings
- ???

**Hex editor**

Edit binary files with hex editors. I have used the [Hex Editor](https://marketplace.visualstudio.com/items?itemName=ms-vscode.hexeditor) extension from VSCode.

## misc

Everything that doesn't fit in the other categories.

- [MINE THE GAP](mine-the-gap.md)
- NPC
- PAPAPAPA
- SYMATRIX
- TOTALLY NOT BRUTE FORCE

## crypto

Usually, it is easy to understand the goal by inspecting the given code. The problem is generally about cracking some insecure crypto primitive involving "heavy" math.

- CURSVED
- LEAST COMMON GENOMINATOR
- MHK2
- MYTLS
- PRIMES
- ZIP

## pwn

You are given an application (usually a stand-alone binary or a binary running on a server) with some "clear" functionality containing a not-so-clear vulnerability. In this case, the goal is to exploit the vulnerability to make the app do something unintended. Common outcomes of such an exploit are gaining shell access or reading a file you are not supposed to read.

- GRADEBOOK
- KCONCAT
- STORYGEN
- UBF
- WATTHEWASM
- [WRITE-FLAG-WHERE](write-flag-where.md)

## reversing

You are given an application (usually a stand-alone binary or a binary running on a server) with an obscure functionality. The first part of the goal is trying to figure out what the application is doing by inspecting the code.

- AUXIN
- FLANGTON
- JXL
- OLDSCHOOL
- PNG2
- TURTLE
- ZERMATT

## web

You are given a web application with some functionality. The goal is to exploit some vulnerability in the web application to get the flag. This is where you will find the most common vulnerabilities, like SQL injection, XSS, etc.

- BIOHAZARD
- NOTENINJA
- POSTVIEWER V2
- UNDER-CONSTRUCTION
- VEGGIE SODA

## sandbox

You are given a sandboxed environment where you can run some code. The goal is to exploit some vulnerability in the sandbox to get the flag.

- FASTBOX
- GVISOR
- LIGHTBOX
- V8BOX