BCACTF a 7-days long CTF for High Schoolers had some pretty good challenges. Here are some of the writeups which were my favourites.



Binary Exploitation





With 67 solves this challenge was a medium chall. A png and a password protected zip was given.


So first approach was to test strings, LSB, exif…but nothing juicy was there. In the png Saitama was holding a piece of paper. Well if you’re an anime fan it was a scene from S01E05 which wasn’t useful at all xD. I decided to use rockyou against the zip but then I remembered a chall from another CTF which was somewhat similar to this one. So I formed a wordlist out of the strings of png.

strings opm.png > wordlist.txt

and then I used fcrackzip to crack the zip.

fcrackzip -v -D -u -p wordlist.txt superSecure.zip


And luckily we found the password and the flag too.


Binary Exploitation



Well this challenge was more of a reversing chall. It was a kind of successor to executable chall which actually had the flag in strings xD. An ELF executable huh!.


But now this time We really have to pick a ginormous number. Let’s fire GDB…and looking at all the functions, we see only main which is of use. Disassembling main. We see a call to cmp function before exiting.


Let’s set a breakpoint here :

b *0x00000000004006a4

And run. It hits the breakpoint. Let’s check the registers.


We see that rbx has value 0x6b8b4567 which is hex equivalent of 1804289383. Huh ! It asks us if it is 1. So let’s make the value of rbx to 1.

set $rbx=1

and then continuing the program we get a brainfuck string which is pretty much our required flag except it was ROT10… Don’t know why but the real flag didn’t made any sense.


Voila….that was some of the writeups. We ended at 28 overall. That’s it from Team Dc1ph3R