tamuctf 2022 - Lockout

tamuctf 2022: Lockout

Author: SwitchBlade

I seem to have locked myself out of my admin panel! Can you find a way back in for me? Do not connect with HTTPS, make sure to connect with HTTP

Link: http://lockout.tamuctf.com

Solve

I couldn't solve this one so I referred to this https://www.youtube.com/watch?v=f198HnqCwng&t=206s video. When you attempt to log in to the blog, the page gets redirected back to the login page right away because of the 302 response. ...

April 22, 2022 · Joon Kim

tamuctf 2022 - Lucky

tamuctf 2022: Lucky

Author: nhwn

Feeling lucky? I have just the challenge for you :D

Reference

I could not solve this on my own so I had to refer to this writeup: https://github.com/tj-oconnor/ctf-writeups/tree/main/tamu_ctf/lucky

```c
#include <stdio.h>
#include <stdlib.h>

void welcome() {
    char buf[16];
    printf("Enter your name: ");
    fgets(buf, sizeof(buf), stdin);
    printf("\nWelcome, %s\nIf you're super lucky, you might get a flag! ", buf);
}

int seed() {
    char msg[] = "GLHF :D";
    printf("%s\n", msg);
    int lol;
    return lol;
}

void win() {
    char flag[64] = {0};
    FILE* f = fopen("flag.txt", "r");
    fread(flag, 1, sizeof(flag), f);
    printf("Nice work! Here's the flag: %s\n", flag);
}

int main() {
    setvbuf(stdout, NULL, _IONBF, 0);
    welcome();
    srand(seed());

    int key0 = rand() == 306291429;
    int key1 = rand() == 442612432;
    int key2 = rand() == 110107425;

    if (key0 && key1 && key2) {
        win();
    } else {
        printf("Looks like you weren't lucky enough. Better luck next time!\n");
    }
}
```

In the welcome() function, before fgets gets called, rbp-0x10, which is the address of buf, is loaded into rax. I passed in aaaabaaacaaadaaaeaaafaaag, and the buffer was filled with aaaabaaacaaadaa\0. ...

April 20, 2022 · Joon Kim