CTF Writeups

The Recursion Vault chal...

This challenge is a global out-of-bounds write.

• The program lets you repeatedly set values[idx] = v.
• There is *...

The server runs ImageMagick through bash -c and tries to escape the uploaded filename. By uploading a file whose filename contains a backslash before $ (`$F

The site is a Gradio “CIA Vault Terminal” that transcribes uploaded audio with Whisper. If the transcription contain...

The challenge provides:

• pk: Kyber public key (K=12)
• ct, iv: AES-256-CBC ciphertext and IV
• leaks...

Category: reverse / misc
Prompt: “An artist’s perspective is always unique”

The binary is a Windows x64 OpenGL/GL...

TL;DR: The service lets anyone point it at an arbitrary MCP server (POST /config). The agent also exposes an internal read_file tool that can read /flag. By hosting a malicious M

We are given a bundled V8 d8 binary and an obfuscated JS file. The service asks for a token via `nc instance.pengu...

GhostDB is a toy database service written in V. The flag is awarded if a single session performs more ...

The service runs a FreeBSD “base system environment manager” binary (env_manager) inside a jail. The binary builds shell commands ...