/r/securityCTF

Photograph via snooOG

/r/securityCTF

47,655 Subscribers

3

Automation of reverse engineering

I saw last year during a CTF, where a person used a tool which would run all branches of a file automatically and find the CTF flag. Does anyone know the name of the tool?

2 Comments
2024/12/02
04:06 UTC

3

[Worldwide CTF] Join Cyber League 2.0, a next-gen CTF competition

🔥 Cyber League Season 2.0: Ultimate Cybersecurity Showdown! 🔥

Calling all cybersecurity enthusiasts, students, and professionals worldwide! Cyber League 2.0 is back with its most epic competition yet!

Competition Breakdown:

1️⃣ MAJOR ROUND

  • 📆 Date: 11 January 2025
  • 🕰️ Format: 24-Hour Jeopardy
  • 💰 Prizes:
    • 1st: CyberArk Training Voucher + $500 SGD
    • 2nd: CyberArk Training Voucher + $200 SGD
    • 3rd: CyberArk Training Voucher + $100 SGD

2️⃣ PLAYOFF (Onsite)

  • 📆 Date: 8 February 2025
  • 🕰️ Format: Super Jeopardy
  • 💰 Prizes:
    • 1st: STANDCON2025 Ticket + $700 SGD
    • 2nd: STANDCON2025 Ticket + $600 SGD
    • 3rd: STANDCON2025 Ticket + $400 SGD

3️⃣ GRAND FINALS (Onsite)

  • 📆 Date: 7 March 2025
  • 🕰️ Format: Head-to-Head
  • 💰 Prizes:
    • 1st: $3000 SGD
    • 2nd: $1000 SGD

Competition Details:

  • 💻 Team Format: Solo or teams (max 3 members)
  • 🌍 Open to everyone 18+
  • Under 18? Join with parent/guardian consent!

Challenge Categories:

  • Web
  • Pwn
  • Misc
  • Forensics
  • Reverse Engineering
  • Cryptography

About Cyber League:

Pioneered in 2020, the Cyber League is a cybersecurity movement that provides a competitive platform for students and professionals to develop their skills. Fronted by N0H4TS, we aim to build a thriving community of cybersecurity talent.

Our Journey: Apprentice → Elite → Master

Why Participate?

  • Win awesome prizes
  • Prove your cybersecurity skills
  • Engage with top competitors
  • Learn and grow in cybersecurity

🔗 Quick Links:

⚡️ Secure your spot now and join the ultimate cybersecurity challenge! ⚡️

0 Comments
2024/11/30
07:04 UTC

3

Need some help in the a steganography Challenge

Basically I am trying to learn more about CTF and steganography by doing some challenges and I am currently stuck. It's basically on how to hide information in audio. It's a set of 3 challenges I have made some progress in it but if anyone's interested in doing the challenges/in helping me feel free to reach out.

Link to audio files https://drive.google.com/drive/folders/1FKn6LKhcqQi3b4vCeZygPskIQPPvBoff?usp=sharing

Link to binary files I was able to extract https://drive.google.com/drive/folders/1QVBEOdXTLHoMrC0D6OVfsnbbckptQqLm?usp=sharing

12 Comments
2024/11/30
07:03 UTC

3

Searching for this ctf website

It was about trying to crack a digital Lock, it was a journey/progressive type of ctf and we were provided with source code, exploits, model numbers, I don't remember very much unfortunately.

I would be really grateful for any help, it's been 2 days since I've been searching but to no avail.

Thank you

2 Comments
2024/11/29
16:41 UTC

22

World Wide CTF Starts Tomorrow – Join Now!

Hi all,

Tomorrow (11/30), my CTF team, World Wide Flags, is hosting our very first CTF event! It's going to be a super fun and challenging competition, with something for everyone – whether you're a beginner or an seasoned pro. We'll have challenges across multiple categories including reverse engineering, pwn, web, crypto, forensics, OSINT and more!

The event will run for 24 hours, starting at 7:00 AM EST. Registration is already open, and you can join and find this discord here:

https://ctftime.org/event/2572

More info here:

https://x.com/WWFlags/status/1862462329017049146

We hope to see you there! 🎉

1 Comment
2024/11/29
13:41 UTC

13

NEED CTF GUIDE

Hey im pursuing Cybersecurity engineering and i want to prepare myself for CTFS , i asked many people and they have recomended me to practice on PICO , HTB CTF ,hacker101, Tryhackme , CTFtime , Overthewire , vulnhub and etc...
but the problem is im at the level 0 i need to understand the concepts
WHERE is the best place to learn them and

WHAT IS THE BEST WAY TO LEARN AND BE STRONG IN THE CONCEPTS

i found some resourses on github , found some youtube playlists , but if theres any better way lemme know
or is there any platform that teaches me and tests me (entirely beginner level

21 Comments
2024/11/27
14:29 UTC

7

Looking for CTF buddies? Join WeTheCyber on Discord!

Hey everyone!

I just started a Discord group called WeTheCyber, and it’s all about teaming up for CTF (Capture the Flag) challenges. The idea is to meet up, work on different challenges together, and get ready for competitions.

Doesn’t matter if you’re just starting out or already crushing CTFs—everyone’s welcome! It’s all about learning, collaborating, and having fun with cybersecurity.

If that sounds like your vibe, hop in and say hi. Let’s tackle some challenges and get prepped for the next big competition!

https://discord.gg/zQeRNeyd

Hope to see you there!

0 Comments
2024/11/26
16:04 UTC

2

Help solving cipher

Guys I need help solving this string

"dMmSIihb91GQusDvC4pTWcQ7leNMEPz8iMyzMKoP+us="

As much as I know it leads to a link

14 Comments
2024/11/25
12:40 UTC

21

How do I start doing ctf?

I want to start doing ctf but idk if I should just find an easy one and start doing it or try to maybe learn basic Linux commands or anything like that can anyone help?

12 Comments
2024/11/24
04:40 UTC

3

Discord Bot

Hi is there any publicly available discord bots to use that'll update on new ctf events from ctf time or show the upcoming ctf events?

1 Comment
2024/11/22
08:09 UTC

8

New Team Join

I made a new ctf team it has some members mostly are new with not much experience, it is open for everyone currently if u r intrested to do ctfs regularly please join.

Discord Invite

1 Comment
2024/11/21
17:44 UTC

1

Need some help in the a steganography Challenge

Basically I am trying to learn more about CTF and steganography by doing some challenges and I am currently stuck. It's basically on how to hide information in audio. It's a set of 3 challenges I have made some progress in it but if anyone's interested in doing the challenges/in helping me feel free to reach out.

Link to audio files https://drive.google.com/drive/folders/1FKn6LKhcqQi3b4vCeZygPskIQPPvBoff?usp=sharing

Link to binary files I was able to extract https://drive.google.com/drive/folders/1QVBEOdXTLHoMrC0D6OVfsnbbckptQqLm?usp=sharing
Edit - Added audio file link and binary file link

4 Comments
2024/11/20
15:04 UTC

5

random ctf

7 Comments
2024/11/20
08:09 UTC

2

Spare laptop question

I had a question so I have a spare laptop it's Lenovo t480s wondering If it's worth installing Kali or parrot is it. For projects in CTFs, I normally run everything off my new laptop cuz this was my old one I primarily use windows with WSL2 and virtual machines to do everything. Or raspberry pi / a tablet. Is it worth setting up or just leave it in the closet? I'm assuming it could be used for CTFs as well as other projects was like a portable working rig.

1 Comment
2024/11/18
15:19 UTC

1

TyphoonCon Call For Training Is Now Open For Submissions!

🌪️Heads up trainers: TyphoonCon 2025 Call for Training is now open!

Be part of the best all-offensive security conference in Asia!

Submit your training today at: https://typhooncon.com/call-for-training-2025/

0 Comments
2024/11/17
10:50 UTC

18

Looking for a team.

Cybersecurity student from Brazil here. Recently I started doing CTF's alone and found them really fun and interesting to do. Quickly tho, I realysed that doing them with a team might be more productive and resourcefull. So , Im currently looking for a team willing to take a newbie, or a team of newbies that wants to learn togheter. Cheers!

7 Comments
2024/11/16
15:59 UTC

12

root-me.org CSP (content security policy)Bypass - Nonce challenge

well in this challenge ,i need to preform a xss to steal admin cookie ,

The server uses the following strict CSP header:

Content-Security-Policy: connect-src 'none'; font-src 'self'; frame-src 'none'; img-src 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'nonce-cf017877baf9f4ac6d1b56918a1f6107'; style-src 'self'; worker-src 'none'; frame-ancestors 'none'; block-all-mixed-content;

There’s a reflected XSS vulnerability in a username field that reflects input back into the page. The server uses a nonce for the CSP which is generated by taking the first 10 characters of the username field, appending the current date, and padding it with 'A' if necessary.

<script nonce="PHNjcmlwdCBubzE2LTExLTIwMjQ=">setTimeout(function(){ alert("xss"); }, 0);</script>

the above payload successfully prompted xss on the screen .

The server is blocking certain keywords and characters:

  • . (period) is blocked.
  • 'document' and 'eval' are blocked as well.

My goal is to steal the admin’s cookie using XSS. However, since document and . are blocked, I’m struggling to find a way to bypass these restrictions and steal the cookie.

need help .

4 Comments
2024/11/16
07:00 UTC

1

Help me with my ctf

Hello im doing a ctf,
The name is padding oracle.
I have a slight understanding what it is and have written some code and almost got the key i think.
But know im stuck because the key does not show right.

here is my code:
import base64

from Crypto.Cipher import AES

from Crypto.Util.Padding import unpad

import requests

def is_valid_padding(ciphertext, block_size=16):

try:

# Decrypt the ciphertext (this will raise an error if padding is wrong)

cipher = AES.new(b'0123456789abcdef', AES.MODE_CBC, iv=b'0123456789abcdef') # dont realy know right now

decrypted_data = unpad(cipher.decrypt(ciphertext), block_size)

return True

except ValueError:

return False

def check_padding_oracle(url, ciphertext):

response = requests.get(url, params={'content': ciphertext})

if 'Valid padding' in response.text:

return True

elif 'Invalid padding' in response.text:

return False

else:

print(f"Unexpected response: {response.text}")

return None

def fix_base64_url_encoding(base64_str):

base64_str = base64_str.replace('-', '+').replace('_', '/')

return base64_str

def fix_base64_padding(base64_str):

padding_needed = len(base64_str) % 4

if padding_needed != 0:

base64_str += '=' * (4 - padding_needed)

return base64_str

# Example usage

ciphertext_base64 = 'uyHav4B2ymYOhTFhKG-qA0Zj47OfZ2X1VkBHvdTRzLkQQXF3r4ti9BM1aU2-wp0vhqrT-W6pVOzqv98p8TvFbOJjzKrZLNDBCsLrSj9BnsJjQNI41yKVqPqJWZJ6LTIQ'

ciphertext_base64 = fix_base64_url_encoding(ciphertext_base64)

ciphertext_base64 = ciphertext_base64.strip() # Remove leading/trailing spaces

ciphertext_base64 = fix_base64_padding(ciphertext_base64)

try:

ciphertext = base64.b64decode(ciphertext_base64)

except Exception as e:

print(f"Error decoding base64: {e}")

exit(1)

if is_valid_padding(ciphertext):

print("The padding is valid.")

else:

print("The padding is invalid.")

url = "example.coml"

is_valid = check_padding_oracle(url, ciphertext_base64)

if is_valid is not None:

print(f"The padding is {'valid' if is_valid else 'invalid'} on the server.")

Someone an idea?

1 Comment
2024/11/14
20:09 UTC

19

Just found google beginners quest... should I quit?

I just found google's ctf beginner's quest. I have literally no idea where to start on any of the challenges. I have been practicing on htb (following along). Does this mean I should give up any hope of a career in cyber security? Are there positions which operate at a higher level/perspective ie. minimal coding?

11 Comments
2024/11/14
17:54 UTC

2

how do i recover a damaged zip file to find the flag?

im new to the CTF stuff and i had a challange to find the flag in this zip file, but the file is damaged, its probably part of the challenge but ive been stuck on this challenge for a while.

6 Comments
2024/11/14
08:34 UTC

8

Looking for a better app to compile write-ups

Hi everyone I'm looking for suggestions on a better app to take down notes/compile my own write-ups on currently I use OneNote but it feels too messy as it's hard for me to look for specific things since I have too many different sections like so:

https://preview.redd.it/5629t68cfs0e1.png?width=1230&format=png&auto=webp&s=0b0c42ca04d3c77f31969379d49338bcae762466

7 Comments
2024/11/14
03:35 UTC

18

Looking for CTF Teammates!

We’ve placed in the top 3% of recent CTFs like IRON CTF, SunshineCTF & BlueHensCTF. Top 5% in SpookyCTF and are currently among the Top 100 teams on HackTheBox. We're pushing for even more!

What We’re Looking For:

  • Intermediate to Advanced Players ready to level up.
  • Team Players who enjoy collaborating on CTFs and HackTheBox challenges.
  • Passionate Juniors eager to learn and grow.

If you're serious about improving and competing with a motivated team, DM me!!

23 Comments
2024/11/13
10:56 UTC

3

Repeating Key XOR Cipher

Hi everyone, I was trying a ctf challenge where multiple random 5 byte keys are XORed with the flag to produce the final encrypted ciphertext. A total of 1955 keys are used. If anyone has any pointers, please help

4 Comments
2024/11/10
21:16 UTC

2

Beginner’s Doubts at CTF

I just started doing ctf last month , although web ctfs are a pain but are fun to solve , have a couple of doubts

  1. Couple of challenges had hardcoded values of the database but no way to access them using the remote server ( also one of them being wordpress site)
  2. How do you connect from the localhost, some challenges wanted me to connect to

Or hit certain end points where they are expecting it to come from local host but they are hosted to some ip? How to deal with such situations?

1 Comment
2024/11/10
21:13 UTC

5

INE CTF Escalation Odyssey 2024

Is anyone actively participating in this event?

19 Comments
2024/11/07
20:08 UTC

1

CTF challenge

Hi everybody

I'm a beginer in ctf, I just learned about sql injection, so can anyone please help me solve this level.

this is source code:

include "flag.php";
if (isset($_POST["username"]) && isset($_POST["password"])) {
  try {
include "db.php";
$sql = "SELECT username, password FROM users WHERE username='" . $_POST["username"] . "'";
$db_result = $database->query($sql);
if ($db_result->num_rows > 0) {
$row = $db_result->fetch_assoc(); 
$password = $row["password"];
if ($password === $_POST["password"]) {
$username = $row["username"];
if ($username === "admin") {
$message = "Wow you can log in as admin, here is your flag $flag4, but how about <a href='level5.php'>THIS LEVEL</a>!";
} else
$message = "You log in as $username, but then what? You are not an admin";
} else
$message = "Wrong username or password";
} else {
$message = "Username not found";

3 Comments
2024/11/06
11:51 UTC

6

CTF write up tool.

I am looking for a tool that I can use to take screenshots of steps I take during a CTF challenge. I want this to help me reduce having to manually take and crop screenshots for my write up document. Does such a tool exist?

6 Comments
2024/11/05
23:50 UTC

Back To Top