Root @ Localhost

Solves

Nice

2025-05-14Ishmael42

Very nice and niche CTF challenge

Hexdump

2024-12-09Ishmael42

Why is there not a simple CLI tool for converting hex to ascii? :pray:

Xss

2024-12-09Ishmael42

Solution

HTML

1
<img src="42" onerr="alert(2)">

strings is enough

Flag: `root@localhost{Byp4ss_Sanitiz3r_123}`

Idoor

2024-12-09Ishmael42

Cracking hashes like there’s no tomorrow.

Mini Compiler

2024-12-09Ishmael42

“Remote code execution as a service.”. Reminded me of my freshman year’s moodle exploitation :lol:.

Ez Web

2024-12-09Ishmael42

The statement

duh.

Solution

Inspect the html and find js file.

Ctrl-Shift-I

Find this encoded string in js file.

1
const encodedFlag: 'cm9vdEBsb2NhbGhvc3R7VGhlX3dlYl9jaGFsbF9pc19lYXN5fQ==';

Decode it

$_ base64 -d «< cm9vdEBsb2NhbGhvc3R7VGhlX3dlYl9jaGFsbF9pc19lYXN5fQ==

root@localhost{The_web_chall_is_easy}

Flag: `root@localhost{The_web_chall_is_easy}`

Pixel Secrets

2024-12-09Ishmael42

The statement

Decode the hidden message embedded in this image. Use steganographic techniques to uncover the flag that lies beneath the pixels!

Solution

Should be pretty self explanatory. Classic steganography bruteforce.

$_ docker run –rm -it -v ‘$(pwd):/steg’ rickdejager/stegseek steg1.jpg password.txt

Unable to find image ‘rickdejager/stegseek:latest’ locally
latest: Pulling from rickdejager/stegseek
a70d879fa598: Pull complete
c4394a92d1f8: Pull complete
10e6159c56c0: Pull complete
2a9284816e0c: Pull complete
da918f5114c3: Pull complete
172662ab993b: Pull complete
Digest: sha256:a3c6a82d5b7dd94dc49098c5080a70da8103b7ed3b3718423b3a70d4b43c9a8a
Status: Downloaded newer image for rickdejager/stegseek:latest
StegSeek 0.6 - https://github.com/RickdeJager/StegSeek


        

            
                
                Hidden Truth
                


                2024-12-09Ishmael42
                

                

                



                
                    
                        The statement
A hidden message lies concealed within a jumble of characters and numbers. Can you crack the code and reveal the secret? The mystery is waiting for you to uncover it.
Solution
Strings on the file gives a base64 string.

    
        
            
                $_
            strings -n 65 challenge.png
    
    <x:xmpmeta xmlns:x=‘adobe:ns:meta/’ x:xmptk=‘Image::ExifTool 12.76’>
<rdf:RDF xmlns:rdf=‘http://www.w3.org/1999/02/22-rdf-syntax-ns#'>
Attrib:ExtId03825ccf-d796-4baa-8dda-96a2acd20326</Attrib:ExtId>
<rdf:li xml:lang=‘x-default’>cm9vdEBsb2NhbGhvc3R7QzBuZ3JAdCRfWTB1X0YwdW5kX1RoM19NeXN0M3J5X04wd30=</rdf:li>
cm9vdEBsb2NhbGhvc3R7QzBuZ3JAdCRfWTB1X0YwdW5kX1RoM19NeXN0M3J5X04wd30=
Decode it to get flag
Echo of Time
2024-12-09Ishmael42
The statement
You found an audio file named ab Somewhere within this audio lies a crucial piece of information: a year that marks a significant event. Extract the year hidden in the audio using steganography techniques.
Solution
Open the given file in audacity, and view it as spectogram.
Flag: r00t@localhost{2025}
Play With Qr
2024-12-09Ishmael42
You don’t need A GUI FOR SORTING FILES BY SIZE.
[Older posts] >

Root @ Localhost

Solves

Solution

Flag: root@localhost{Byp4ss_Sanitiz3r_123}

The statement

Solution

Flag: root@localhost{The_web_chall_is_easy}

The statement

Solution

The statement

Solution

The statement

Solution

Flag: r00t@localhost{2025}

Flag: `root@localhost{Byp4ss_Sanitiz3r_123}`

Flag: `root@localhost{The_web_chall_is_easy}`

Flag: `r00t@localhost{2025}`