Here are some of the challenges I authored for various Capture the Flag (CTF) competitions organized by hxp.

All hxp CTFs are archived and available as Virtual Machines (VMs), so you can hack the challenges whenever you want. See: hxp CTF archive

hxp CTF 2018

  • cat flag (troll): cat flag, but flag contains annoying ANSI escape codes - Task
  • Green Computing 1 (pwn): fuckup - use QEMU monitor to dump the system’s memory - Task
  • Green Computing 1 - fixed (pwn): backdoor a Linux system with a malicious ACPI DSDT table - Task
  • Green Computing 2 (pwn): bypass KASLR and backdoor Linux again via ACPI - Task
  • unpack0r (web, misc): exploit differences in PHP’s ZipArchive and unzip - Task
  • time for h4x0rpsch0rr? (web): misconfigured MQTT server; get the subscription log and find the admin’s hidden webcam feed - Task
  • µblog (web): exfiltrate data via a timing attack by injecting CSS selectors into location.hash - Task

hxp CTF 2017

  • drm (rev, crypto): “whitebox” crypto - extract the key of an obfuscated C 8086 emulator running a DOS AES implementation - Task
  • hardened_flag_store (pwn): use a buffer overflow to define seccomp BPF rules that allow bypassing _FORTIFY_SOURCE=2 - Task
  • haveibeenpwning (misc, rev, web): misconfigured sftp server; use SSH forwarding to bypass hosts filter; reverse a small binary - Task

TUM CTF 2016

  • boot2brainfuck (pwn): exploit a DOS brainfuck (BF) compiler with a BF program and get the flag from a floppy using BIOS interrupts - Task
  • httpd (pwn): exploit a hidden format string vulnerability - Task
  • c0py_pr073c710n (pwn): write a 16-byte exploit with IV + key in CBC mode - Task
  • b4r3_m374l_fun (pwn): exploit a buffer overflow in a multistage bootloader - Task
  • Pfeifenbläser (stego): flag bits are hidden in the order of the Cipher Suite preference in TLS traffic - Task
  • free_as_in_bavarian_beer (web): 101 PHP unserialize exploit - Task
  • totp (web): predict srand(time()) and rand() of a given time to bypass TOTP - Task

TUM CTF Teaser (2015)

  • cloud gaming (pwn): exploit a buffer overflow in a Game Boy ROM - Task