
CSAW CTF Finals

Hosted by NYUSEC
Website: https://ctf.csaw.io
Starts:
Ends:
Duration: 2 days, 19:00:00
The competition is over!
Scoreboard
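| # | Name | Country | Score |
|---|------|---------|-------|
| 1 | | | 5726 |
| 2 | | | 5376 |
| 3 | | | 4676 |
| 4 | | | 4016 |
| 5 | | | 3676 |
| 6 | | | 3296 |
| 7 | | | 3226 |
| 8 | | | 3126 |
| 9 | | | 3026 |
| 10 | | | 2826 |
| 11 | | | 2726 |
| 12 | | | 2726 |
| 13 | | | 2726 |
| 14 | | | 2576 |
| 15 | | | 2476 |
| 16 | | | 2426 |
| 17 | | | 2226 |
| 18 | | | 2196 |
| 19 | | | 2076 |
| 20 | | | 2076 |
| 21 | | | 2001 |
| 22 | | | 2001 |
| 23 | | | 1946 |
| 24 | | | 1876 |
| 25 | | | 1876 |
| 26 | | | 1776 |
| 27 | | | 1766 |
| 28 | | | 1526 |
| 29 | | | 1501 |
| 30 | | | 1176 |
| 31 | | | 851 |
| 32 | | | 826 |
| 33 | | | 826 |
| 34 | | | 726 |
| 35 | | | 501 |
| 36 | | | 501 |
| 37 | | | 426 |
| 38 | | | 301 |
| 39 | | | 151 |
| 40 | | | 101 |
| 41 | | | 51 |
| 42 | | | 51 |
| 43 | | | 1 |
| 44 | | | 1 |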



Challenges
  • 200 Points
  • PWN
Description

GLOBETROTTER TRAVEL LLC has deployed a new travel booking system, but somehow they're still losing ground to these 'hip' travel websites... Written by Doom, Ret2 Systems. `nc 1.chal.csaw.io 4321`

Flag

flag{leons_falcon_sucks}

  • 200 Points
  • ETC
Description

Written by Teddy Reed, Facebook. This challenge does not involve DoSing the box. `ssh -p 2222 ubuntu@184.73.120.252` (password: welcometocsaw)

Flag

flag{kchung_is_wizard}

  • 400 Points
  • REV
Description

Ah, the 70's, a time of love, rock and roll, and the emergence of the microprocessor. At that time, a young upstart company by the name of Intel was doing a contracting job to keep the lights on, and they created an interesting little chip: the Intel 4004. Today, we've mostly forgotten that cute little CPU's legacy, so it might be good for us all to have a little reminder about how innovative it was!

Flag

flag{At_Least_It_Wasnt_An_Aga_Seed}

  • 500 Points
  • PWN
Description

Whenever a new ECMAScript version is released, browsers rush to implement the features first. Looks like *someone* has implemented the new ES1337 replaceIf function for Chrome, but did they make any mistakes along the way? To help you along this journey we have built both Chrome and V8 for you. See the README.txt for more detailed information!

Additional Files:
  * `ES1337.tar.gz`: (87M) Includes release chrome build, README, spec, patch, POW solver https://drive.google.com/file/d/1V9liO6e4QGzPTwpBsEVCNtC5hayPnrx8/view?usp=sharing
  * `v8_7.0.276.32_csaw.debug.tar.gz`: (711M) Full debug build of V8 with the patch https://drive.google.com/file/d/1W46Hn0HyWtIMosDNkqt5ixEJUyClacUu/view?usp=sharing

Written by itszn, Ret2 Systems

Non-NY competitors connect to: `nc 2.chal.csaw.io 1337`

Flag

flag{intl_cpus_scare_me}

  • 100 Points
  • REV
Description

We understand that not everyone can afford IDA. Instead of IDC, check out this alternative, free-as-in-freedom scripting language :)

Flag

flag{werks_on_my_box}

  • 400 Points
  • CRY
Description

Good Luck, k? Author: Paul Kehrer, Trail of Bits. http://crypto.chal.csaw.io:1000 Update: Please message us (@tnek or @_ghost_) on IRC if you have a solver for this challenge that works locally but doesn't work remotely.

Flag

flag{1_0bjective_s3e_wh4t_y0u_d1d_ther3}

  • 250 Points
  • REV
Description

This code is a mess can you fix it?

Flag

flag{There_Are_Too_Many_Spiders_In_My_Web_Assembly}

  • 150 Points
  • WEB
Description

by dr raid http://web.chal.csaw.io:1001

Flag

flag{Are_You_the_Hero_or_the_New_Overlord?}

  • 400 Points
  • WEB
Description

I deployed this cool website in the cloud that allows you to know if your online documents are available anywhere. You just provide your link, and it will read it for you. Obviously I restricted it to text files, but I still got hacked recently. Would you be able to help me find out how? ctf-elb-942178366.us-east-1.elb.amazonaws.com Written by Jules Denardou & Justin Massey, Datadog

Flag

flag{CFI_byp4ss_mor3_like_d4ta_at7acks_4m_I_write??}

  • 500 Points
  • WEB
Description

Flag is in `/flag.txt` http://web.chal.csaw.io:1003 Update 5:19 AM EST - distributed file has updated change to match the CSP running on remote.

Flag

flag{Im_trying_to_free_your_mind_But_I_can_only_show_you_the_door_Next_up_for_you_real_pwn2own}

  • 300 Points
  • REV
Description

We must journey deep into the core of the world if we hope to find any meaning here. Written by itszn, Ret2 Systems

Flag

flag{h0p3_y0u_3nj0yed_4_FREE_5cr1pting_l4nguag3}

  • 500 Points
  • CRY
Description

I'm losing my mind, are you? `nc crypto.chal.csaw.io 1003`

Flag

flag{Us3_a4ter_l0se_n0w_defeat_CFI!!}

  • 350 Points
  • PWN
Description

WASM is the future of the web! JS devs will be writing c++, what could go wrong? This debugger might help kinda _shrug emoji_: https://github.com/itszn/chrome-wasm-debugger Written by itszn, Ret2 Systems. HINT: You can get source via /test.wasm.map and /test.cpp

Flag

flag{the bee movie but every time they say bee it recurses....!}

  • 50 Points
  • WEB
Description

Written by Ron Shmelkin, IBM http://web.chal.csaw.io:1002

Flag

flag{ooo000_f4ul7y_4nd_pr3d1c74bl3_000ooo}

  • 450 Points
  • REV
Description

Bee-based denial of service. Maybe eventually this will print out a flag...

Flag

flag{_1t_rUn5_4s_r0o7_5nd_c4n_D0_l0ts_Of_s7up1D_Th1Ng5_!}

  • 1 Points
  • ETC
Description

This is an example of a flag: `flag{welcome_to_csaw_ctf_finals}`

Flag

flag{LSB_4ppr0xim473_4tt4ck_1s_3v3n_b3tt3r}

  • 200 Points
  • PWN
Description

WASM is the future of the web! JS devs will be writing c++, what could go wrong? This debugger might help kinda _shrug emoji_: https://github.com/itszn/chrome-wasm-debugger Written by itszn, Ret2 Systems. http://pwn.chal.csaw.io:1000 HINT: You can get source via /test.wasm.map and /test.cpp

Flag

flag{th4nks_f0r_s0lving_my_w1nd0wz_ch4ll3ng3}

  • 50 Points
  • CRY
Description

What does it look like? `nc crypto.chal.csaw.io 1001`

Flag

flag{this namespace aint big enough for the two of us 9b74f055}

  • 300 Points
  • CRY
Description

whose fault?? `nc crypto.chal.csaw.io 1002`

Flag

flag{eaf8b4cc2ec7fde3fbaa233ee3af2e4b}

  • 150 Points
  • ETC
Description

A lone figure appears at sundown. Are you a bad enough dude to accept his challenge? NOTE: This is not a resource exhaustion bug, pls be kind to our server - perhaps run it locally first.

Flag

FLAG{RC4_I3_D3AD_BUT_1T_1S_G00D_T0_KN0W}

  • 350 Points
  • V35
Description

PwnAdventure Sourcery is here! Chrome is HIGHLY recommended. All challenges are intended to be solved in-game. https://sourcery.pwnadventure.com Hotkeys: `WASD`: Navigate; `<Space>`: Use Item/Select; `E`/`Return`: Interact; `I`/`<Tab>`: Inventory; `<Escape>`: Pause/Menu/Cancel. (Editor) `E`: Edit; `N`: New; `<Backspace>`: Delete

Flag

flag{SsRF_1s-c0oL_Ag4iN-w1th_cl0uDs}

  • 50 Points
  • V35
Description

PwnAdventure Sourcery is here! Chrome is HIGHLY recommended. All challenges are intended to be solved in-game. https://sourcery.pwnadventure.com Hotkeys: `WASD`: Navigate; `<Space>`: Use Item/Select; `E`/`Return`: Interact; `I`/`<Tab>`: Inventory; `<Escape>`: Pause/Menu/Cancel. (Editor) `E`: Edit; `N`: New; `<Backspace>`: Delete

Flag

flag{LlvM_Passes_4nD_9atCh1ng_8inaryies_4r3_c0ol}

  • 100 Points
  • V35
Description

PwnAdventure Sourcery is here! Chrome is HIGHLY recommended. All challenges are intended to be solved in-game. https://sourcery.pwnadventure.com Hotkeys: `WASD`: Navigate; `<Space>`: Use Item/Select; `E`/`Return`: Interact; `I`/`<Tab>`: Inventory; `<Escape>`: Pause/Menu/Cancel. (Editor) `E`: Edit; `N`: New; `<Backspace>`: Delete

Flag

flag{Even_Easier_Than_Android}

  • 75 Points
  • V35
Description

PwnAdventure Sourcery is here! Chrome is HIGHLY recommended. All challenges are intended to be solved in-game. https://sourcery.pwnadventure.com Hotkeys: `WASD`: Navigate; `<Space>`: Use Item/Select; `E`/`Return`: Interact; `I`/`<Tab>`: Inventory; `<Escape>`: Pause/Menu/Cancel. (Editor) `E`: Edit; `N`: New; `<Backspace>`: Delete

Flag

flag{js_deserialization_bugs_wew_lads:sweaty:}

  • 200 Points
  • V35
Description

PwnAdventure Sourcery is here! Chrome is HIGHLY recommended. All challenges are intended to be solved in-game. https://sourcery.pwnadventure.com Hotkeys: `WASD`: Navigate; `<Space>`: Use Item/Select; `E`/`Return`: Interact; `I`/`<Tab>`: Inventory; `<Escape>`: Pause/Menu/Cancel. (Editor) `E`: Edit; `N`: New; `<Backspace>`: Delete

Flag

flag{Blown_Away_By_Your_Amazing_Shellcode}

  • 50 Points
  • V35
Description

PwnAdventure Sourcery is here! Chrome is HIGHLY recommended. All challenges are intended to be solved in-game. https://sourcery.pwnadventure.com Hotkeys: `WASD`: Navigate; `<Space>`: Use Item/Select; `E`/`Return`: Interact; `I`/`<Tab>`: Inventory; `<Escape>`: Pause/Menu/Cancel. (Editor) `E`: Edit; `N`: New; `<Backspace>`: Delete

Flag

flag{NowyourereadytocrackthePS3YeahSonydidthiswithECDSA}

  • 300 Points
  • V35
Description

PwnAdventure Sourcery is here! Chrome is HIGHLY recommended. All challenges are intended to be solved in-game. https://sourcery.pwnadventure.com Hotkeys: `WASD`: Navigate; `<Space>`: Use Item/Select; `E`/`Return`: Interact; `I`/`<Tab>`: Inventory; `<Escape>`: Pause/Menu/Cancel. (Editor) `E`: Edit; `N`: New; `<Backspace>`: Delete

Flag

flag{Programmable_Rodents_Are_The_Next_Big_Thing}

  • 400 Points
  • V35
Description

PwnAdventure Sourcery is here! Chrome is HIGHLY recommended. All challenges are intended to be solved in-game. https://sourcery.pwnadventure.com Hotkeys: `WASD`: Navigate; `<Space>`: Use Item/Select; `E`/`Return`: Interact; `I`/`<Tab>`: Inventory; `<Escape>`: Pause/Menu/Cancel. (Editor) `E`: Edit; `N`: New; `<Backspace>`: Delete

Flag

flag{welcome_to_csaw_ctf_finals}

  • 400 Points
  • PWN
Description

totally not based on printer software that a lot of universities use that is buggy af. NOTE: This challenge isn't meant to be an exercise in heap massaging. Use the provided Dockerfile when you need to replicate the env that is running on the server. Your heap offsets may seem not to change, but they will change remotely :P `nc pwn.chal.csaw.io 28201`

Flag

flag{Hovered_Over_A_Gap_In_Security}

  • 20 Points
  • etc
Description

For NY competitors: come to the TV and beat us in smash

Flag

flag{Right_To_Arm_Bears_With_Cyber_Missiles}

  • 20 Points
  • etc
Description

For NY competitors: Beat us in Chess

Flag

thekeyisinthecomputer

  • 250 Points
  • ETC
Description

For NY Teams: Are you tired of playing a knockoff of a top down super nintendo platformer? Want to play an actual top down super nintendo platformer? Beat rhelmot at the Link to the Past Randomizer and get a flag! All strategies are legal.

Flag

flag{you have become a hyperlink}

  • 600 Points
  • CRY
Description

``` yeah i SMOKE WEED P P E M A PA AOM UC BNRP maps.Secondlife.com/secondlife/_______/23/233/1 M E PRONE O PRR GM K EIY EO E AC U RO S W T S E E E D ```

Flag

flag{clear-as-water}


  • Type
    Jeopardy
  • Status
    Ended
  • Verified Teams
    44
  • Challenges
    33
  • Writeups
    2