LIVETHREAT INTELLIGENCE
NVD/NISTCVE-2025-29927 β€” Next.js Middleware Auth Bypass Β· All versions <15.2.3 affectedCRITICAL 9.1β—†AlienVault OTXAPT29 (Cozy Bear) β€” Active Spear-Phishing Campaign Targeting NATO DiplomatsCRITICAL 9.3β—†Recorded FutureCl0p Ransomware β€” MOVEit-style Campaign Targeting MFT Solutions GloballyCRITICAL 9.5β—†Shodan22,000+ Redis Instances Exposed on Port 6379 β€” No Auth β€” Cryptominer RiskHIGH 8.9β—†VirusTotalCVE-2025-21298 β€” Windows OLE Remote Code Execution Β· CISA KEV Catalog AddedCRITICAL 9.8β—†Censys14,500+ Exposed Kubernetes API Servers Detected β€” Anonymous Access EnabledHIGH 8.7β—†AlienVault OTXFIN7 Carbanak Group β€” New JavaScript Backdoor Targeting Retail POS SystemsHIGH 8.4β—†NVD/NISTCVE-2025-24813 β€” Apache Tomcat RCE via Partial PUT Β· Exploit Code PublicCRITICAL 9.8β—†Recorded FutureDark Web Auction: 2.1M U.S. Healthcare Records Listed Β· PII + Insurance DataHIGH 8.1β—†VirusTotalLumma Stealer v4.1 β€” New Evasion Bypass for Windows Defender SmartScreenHIGH 8.6β—†NVD/NISTCVE-2025-30065 β€” Apache Parquet RCE via Schema Parsing Β· CVSS Maximum ScoreCRITICAL 10.0β—†Recorded FutureSalt Typhoon (China) β€” Telco Backdoors Persist in 3 U.S. Carriers Post-DisclosureCRITICAL 9.2β—†VirusTotalDragonForce Ransomware β€” New Affiliate Program Attracting LockBit DefectorsHIGH 8.5β—†ShodanCitrix NetScaler Bleed (CVE-2023-4966) β€” 4,800 Unpatched Hosts Still ExploitableCRITICAL 9.4β—†CensysIvanti Connect Secure 0-Day Chain β€” Nation-State Actor Exploitation ConfirmedCRITICAL 9.0β—†AlienVault OTXBEC Surge Q1 2026 β€” $3.1B in Wire Fraud Β· AI Voice Cloning in UseHIGH 7.9β—†NVD/NISTCVE-2025-29927 β€” Next.js Middleware Auth Bypass Β· All versions <15.2.3 affectedCRITICAL 9.1β—†AlienVault OTXAPT29 (Cozy Bear) β€” Active Spear-Phishing Campaign Targeting NATO DiplomatsCRITICAL 9.3β—†Recorded FutureCl0p Ransomware β€” MOVEit-style Campaign Targeting MFT Solutions GloballyCRITICAL 9.5β—†Shodan22,000+ Redis Instances Exposed on Port 6379 β€” No Auth β€” Cryptominer RiskHIGH 8.9β—†VirusTotalCVE-2025-21298 β€” Windows OLE Remote Code Execution Β· CISA KEV Catalog AddedCRITICAL 9.8β—†Censys14,500+ Exposed Kubernetes API Servers Detected β€” Anonymous Access EnabledHIGH 8.7β—†AlienVault OTXFIN7 Carbanak Group β€” New JavaScript Backdoor Targeting Retail POS SystemsHIGH 8.4β—†NVD/NISTCVE-2025-24813 β€” Apache Tomcat RCE via Partial PUT Β· Exploit Code PublicCRITICAL 9.8β—†Recorded FutureDark Web Auction: 2.1M U.S. Healthcare Records Listed Β· PII + Insurance DataHIGH 8.1β—†VirusTotalLumma Stealer v4.1 β€” New Evasion Bypass for Windows Defender SmartScreenHIGH 8.6β—†NVD/NISTCVE-2025-30065 β€” Apache Parquet RCE via Schema Parsing Β· CVSS Maximum ScoreCRITICAL 10.0β—†Recorded FutureSalt Typhoon (China) β€” Telco Backdoors Persist in 3 U.S. Carriers Post-DisclosureCRITICAL 9.2β—†VirusTotalDragonForce Ransomware β€” New Affiliate Program Attracting LockBit DefectorsHIGH 8.5β—†ShodanCitrix NetScaler Bleed (CVE-2023-4966) β€” 4,800 Unpatched Hosts Still ExploitableCRITICAL 9.4β—†CensysIvanti Connect Secure 0-Day Chain β€” Nation-State Actor Exploitation ConfirmedCRITICAL 9.0β—†AlienVault OTXBEC Surge Q1 2026 β€” $3.1B in Wire Fraud Β· AI Voice Cloning in UseHIGH 7.9β—†
Training Labs

Hands-On CTF Challenges

12 structured Capture The Flag challenges built on real-world attack vectors β€” SQL Injection, buffer overflow exploitation, cryptographic analysis, digital forensics, and OSINT. Inspired by hands-on methodology from Beginning Ethical Hacking with Kali Linux and Linux Basics for Hackers. Always legal, always isolated.

12
Challenges
10,700pts
Total Points
4
Difficulty Levels
8
Categories

All Challenges

πŸ”

ROT What?

Beginner
CryptographyπŸ† 75 ptsβœ… 0 solves

The following message was intercepted: UF{ebg_guvegrra_vf_abg_frpher}. Decode it to find the flag. Note: the flag format is HS{...}

πŸ’‘ Show Hint
This is a simple Caesar cipher. Try ROT13 first.
πŸ”’ Sign Up to Submit Flags
πŸ”

ROT What?

Beginner
CryptographyπŸ† 75 ptsβœ… 0 solves

The following message was intercepted: UF{ebg_guvegrra_vf_abg_frpher}. Decode it to find the flag. Note: the flag format is HS{...}

πŸ’‘ Show Hint
This is a simple Caesar cipher. Try ROT13 first.
πŸ”’ Sign Up to Submit Flags
πŸ”

ROT What?

Beginner
CryptographyπŸ† 75 ptsβœ… 0 solves

The following message was intercepted: UF{ebg_guvegrra_vf_abg_frpher}. Decode it to find the flag. Note: the flag format is HS{...}

πŸ’‘ Show Hint
This is a simple Caesar cipher. Try ROT13 first.
πŸ”’ Sign Up to Submit Flags
πŸ”

ROT What?

Beginner
CryptographyπŸ† 75 ptsβœ… 0 solves

The following message was intercepted: UF{ebg_guvegrra_vf_abg_frpher}. Decode it to find the flag. Note: the flag format is HS{...}

πŸ’‘ Show Hint
This is a simple Caesar cipher. Try ROT13 first.
πŸ”’ Sign Up to Submit Flags
🌐

The Open Door

Beginner
Web SecurityπŸ† 100 ptsβœ… 0 solves

A login form on port 80 accepts any username. The admin account was set up with a very obvious password. Find it and submit the flag found in the /admin panel.

πŸ’‘ Show Hint
Think about the most common admin passwords used in default configurations.
πŸ”’ Sign Up to Submit Flags
πŸ“‘

Packet Detective

Beginner
Network SecurityπŸ† 100 ptsβœ… 0 solves

A PCAP file has been captured from a compromised network segment. Analyze the traffic and find the plaintext credentials being transmitted. The flag is the password.

πŸ’‘ Show Hint
Filter for HTTP POST requests or FTP traffic in Wireshark. Look for Authorization headers.
πŸ”’ Sign Up to Submit Flags
πŸ“‘

Packet Detective

Beginner
Network SecurityπŸ† 100 ptsβœ… 0 solves

A PCAP file has been captured from a compromised network segment. Analyze the traffic and find the plaintext credentials being transmitted. The flag is the password.

πŸ’‘ Show Hint
Filter for HTTP POST requests or FTP traffic in Wireshark. Look for Authorization headers.
πŸ”’ Sign Up to Submit Flags
🌐

The Open Door

Beginner
Web SecurityπŸ† 100 ptsβœ… 0 solves

A login form on port 80 accepts any username. The admin account was set up with a very obvious password. Find it and submit the flag found in the /admin panel.

πŸ’‘ Show Hint
Think about the most common admin passwords used in default configurations.
πŸ”’ Sign Up to Submit Flags
πŸ“‘

Packet Detective

Beginner
Network SecurityπŸ† 100 ptsβœ… 0 solves

A PCAP file has been captured from a compromised network segment. Analyze the traffic and find the plaintext credentials being transmitted. The flag is the password.

πŸ’‘ Show Hint
Filter for HTTP POST requests or FTP traffic in Wireshark. Look for Authorization headers.
πŸ”’ Sign Up to Submit Flags
🌐

The Open Door

Beginner
Web SecurityπŸ† 100 ptsβœ… 0 solves

A login form on port 80 accepts any username. The admin account was set up with a very obvious password. Find it and submit the flag found in the /admin panel.

πŸ’‘ Show Hint
Think about the most common admin passwords used in default configurations.
πŸ”’ Sign Up to Submit Flags
🌐

The Open Door

Beginner
Web SecurityπŸ† 100 ptsβœ… 0 solves

A login form on port 80 accepts any username. The admin account was set up with a very obvious password. Find it and submit the flag found in the /admin panel.

πŸ’‘ Show Hint
Think about the most common admin passwords used in default configurations.
πŸ”’ Sign Up to Submit Flags
πŸ“‘

Packet Detective

Beginner
Network SecurityπŸ† 100 ptsβœ… 0 solves

A PCAP file has been captured from a compromised network segment. Analyze the traffic and find the plaintext credentials being transmitted. The flag is the password.

πŸ’‘ Show Hint
Filter for HTTP POST requests or FTP traffic in Wireshark. Look for Authorization headers.
πŸ”’ Sign Up to Submit Flags
🌐

SQL Speak

Beginner
Web SecurityπŸ† 150 ptsβœ… 0 solves

The search function on this vulnerable app passes user input directly to a SQL query. Extract the hidden flag from the database using SQL injection.

πŸ’‘ Show Hint
Try a single quote and observe the error message. UNION-based injection might help here.
πŸ”’ Sign Up to Submit Flags
🌐

SQL Speak

Beginner
Web SecurityπŸ† 150 ptsβœ… 0 solves

The search function on this vulnerable app passes user input directly to a SQL query. Extract the hidden flag from the database using SQL injection.

πŸ’‘ Show Hint
Try a single quote and observe the error message. UNION-based injection might help here.
πŸ”’ Sign Up to Submit Flags
🌐

SQL Speak

Beginner
Web SecurityπŸ† 150 ptsβœ… 0 solves

The search function on this vulnerable app passes user input directly to a SQL query. Extract the hidden flag from the database using SQL injection.

πŸ’‘ Show Hint
Try a single quote and observe the error message. UNION-based injection might help here.
πŸ”’ Sign Up to Submit Flags
🌐

SQL Speak

Beginner
Web SecurityπŸ† 150 ptsβœ… 0 solves

The search function on this vulnerable app passes user input directly to a SQL query. Extract the hidden flag from the database using SQL injection.

πŸ’‘ Show Hint
Try a single quote and observe the error message. UNION-based injection might help here.
πŸ”’ Sign Up to Submit Flags
🌐

XSS Playground

Intermediate
Web SecurityπŸ† 200 ptsβœ… 0 solves

The comment section of this blog is vulnerable to XSS. Inject a script that reads document.cookie and displays it in an alert. The flag is embedded in the admin cookie.

πŸ’‘ Show Hint
Use <script>alert(document.cookie)</script> as a starting point. The admin auto-visits pages.
πŸ”’ Sign Up to Submit Flags
πŸ–ΌοΈ

Hidden in Plain Sight

Intermediate
SteganographyπŸ† 200 ptsβœ… 0 solves

An image file named evidence.jpg was recovered from a suspect's computer. The flag is hidden inside. Use steganography tools to extract it.

πŸ’‘ Show Hint
Try steghide with an empty password. Also check the metadata with exiftool.
πŸ”’ Sign Up to Submit Flags
🌐

XSS Playground

Intermediate
Web SecurityπŸ† 200 ptsβœ… 0 solves

The comment section of this blog is vulnerable to XSS. Inject a script that reads document.cookie and displays it in an alert. The flag is embedded in the admin cookie.

πŸ’‘ Show Hint
Use <script>alert(document.cookie)</script> as a starting point. The admin auto-visits pages.
πŸ”’ Sign Up to Submit Flags
🌐

XSS Playground

Intermediate
Web SecurityπŸ† 200 ptsβœ… 0 solves

The comment section of this blog is vulnerable to XSS. Inject a script that reads document.cookie and displays it in an alert. The flag is embedded in the admin cookie.

πŸ’‘ Show Hint
Use <script>alert(document.cookie)</script> as a starting point. The admin auto-visits pages.
πŸ”’ Sign Up to Submit Flags
πŸ–ΌοΈ

Hidden in Plain Sight

Intermediate
SteganographyπŸ† 200 ptsβœ… 0 solves

An image file named evidence.jpg was recovered from a suspect's computer. The flag is hidden inside. Use steganography tools to extract it.

πŸ’‘ Show Hint
Try steghide with an empty password. Also check the metadata with exiftool.
πŸ”’ Sign Up to Submit Flags
πŸ–ΌοΈ

Hidden in Plain Sight

Intermediate
SteganographyπŸ† 200 ptsβœ… 0 solves

An image file named evidence.jpg was recovered from a suspect's computer. The flag is hidden inside. Use steganography tools to extract it.

πŸ’‘ Show Hint
Try steghide with an empty password. Also check the metadata with exiftool.
πŸ”’ Sign Up to Submit Flags
🌐

XSS Playground

Intermediate
Web SecurityπŸ† 200 ptsβœ… 0 solves

The comment section of this blog is vulnerable to XSS. Inject a script that reads document.cookie and displays it in an alert. The flag is embedded in the admin cookie.

πŸ’‘ Show Hint
Use <script>alert(document.cookie)</script> as a starting point. The admin auto-visits pages.
πŸ”’ Sign Up to Submit Flags
πŸ–ΌοΈ

Hidden in Plain Sight

Intermediate
SteganographyπŸ† 200 ptsβœ… 0 solves

An image file named evidence.jpg was recovered from a suspect's computer. The flag is hidden inside. Use steganography tools to extract it.

πŸ’‘ Show Hint
Try steghide with an empty password. Also check the metadata with exiftool.
πŸ”’ Sign Up to Submit Flags
πŸ”Ž

OSINT Trail

Intermediate
OSINTπŸ† 250 ptsβœ… 0 solves

A threat actor posted on a public forum using the handle "h0r1z0n_hax0r". Find their GitHub account, locate a repository they created in 2024, and find the flag hidden in the commit history.

πŸ’‘ Show Hint
Search GitHub for the username. Check all commits including initial ones. git log --all -p might help.
πŸ”’ Sign Up to Submit Flags
πŸ”Ž

OSINT Trail

Intermediate
OSINTπŸ† 250 ptsβœ… 0 solves

A threat actor posted on a public forum using the handle "h0r1z0n_hax0r". Find their GitHub account, locate a repository they created in 2024, and find the flag hidden in the commit history.

πŸ’‘ Show Hint
Search GitHub for the username. Check all commits including initial ones. git log --all -p might help.
πŸ”’ Sign Up to Submit Flags
πŸ”

Hash Cracker

Intermediate
CryptographyπŸ† 250 ptsβœ… 0 solves

Three hashes were recovered from a database dump. Crack them all: 5f4dcc3b5aa765d61d8327deb882cf99, 482c811da5d5b4bc6d497ffa98491e38, 21232f297a57a5a743894a0e4a801fc3

πŸ’‘ Show Hint
These are MD5 hashes. Try CrackStation or rockyou.txt with hashcat. All are common passwords.
πŸ”’ Sign Up to Submit Flags
πŸ”

Hash Cracker

Intermediate
CryptographyπŸ† 250 ptsβœ… 0 solves

Three hashes were recovered from a database dump. Crack them all: 5f4dcc3b5aa765d61d8327deb882cf99, 482c811da5d5b4bc6d497ffa98491e38, 21232f297a57a5a743894a0e4a801fc3

πŸ’‘ Show Hint
These are MD5 hashes. Try CrackStation or rockyou.txt with hashcat. All are common passwords.
πŸ”’ Sign Up to Submit Flags
πŸ”Ž

OSINT Trail

Intermediate
OSINTπŸ† 250 ptsβœ… 0 solves

A threat actor posted on a public forum using the handle "h0r1z0n_hax0r". Find their GitHub account, locate a repository they created in 2024, and find the flag hidden in the commit history.

πŸ’‘ Show Hint
Search GitHub for the username. Check all commits including initial ones. git log --all -p might help.
πŸ”’ Sign Up to Submit Flags
πŸ”Ž

OSINT Trail

Intermediate
OSINTπŸ† 250 ptsβœ… 0 solves

A threat actor posted on a public forum using the handle "h0r1z0n_hax0r". Find their GitHub account, locate a repository they created in 2024, and find the flag hidden in the commit history.

πŸ’‘ Show Hint
Search GitHub for the username. Check all commits including initial ones. git log --all -p might help.
πŸ”’ Sign Up to Submit Flags
πŸ”

Hash Cracker

Intermediate
CryptographyπŸ† 250 ptsβœ… 0 solves

Three hashes were recovered from a database dump. Crack them all: 5f4dcc3b5aa765d61d8327deb882cf99, 482c811da5d5b4bc6d497ffa98491e38, 21232f297a57a5a743894a0e4a801fc3

πŸ’‘ Show Hint
These are MD5 hashes. Try CrackStation or rockyou.txt with hashcat. All are common passwords.
πŸ”’ Sign Up to Submit Flags
πŸ”

Hash Cracker

Intermediate
CryptographyπŸ† 250 ptsβœ… 0 solves

Three hashes were recovered from a database dump. Crack them all: 5f4dcc3b5aa765d61d8327deb882cf99, 482c811da5d5b4bc6d497ffa98491e38, 21232f297a57a5a743894a0e4a801fc3

πŸ’‘ Show Hint
These are MD5 hashes. Try CrackStation or rockyou.txt with hashcat. All are common passwords.
πŸ”’ Sign Up to Submit Flags
🐧

Kernel Whispers

Intermediate
Linux SecurityπŸ† 300 ptsβœ… 0 solves

You have a low-privilege shell on a Linux server. The kernel version is 4.4.0-21. Escalate to root and read /root/flag.txt.

πŸ’‘ Show Hint
Check searchsploit for kernel exploits. Dirty Cow (CVE-2016-5195) affected many kernel versions.
πŸ”’ Sign Up to Submit Flags
🐧

Kernel Whispers

Intermediate
Linux SecurityπŸ† 300 ptsβœ… 0 solves

You have a low-privilege shell on a Linux server. The kernel version is 4.4.0-21. Escalate to root and read /root/flag.txt.

πŸ’‘ Show Hint
Check searchsploit for kernel exploits. Dirty Cow (CVE-2016-5195) affected many kernel versions.
πŸ”’ Sign Up to Submit Flags
🐧

Kernel Whispers

Intermediate
Linux SecurityπŸ† 300 ptsβœ… 0 solves

You have a low-privilege shell on a Linux server. The kernel version is 4.4.0-21. Escalate to root and read /root/flag.txt.

πŸ’‘ Show Hint
Check searchsploit for kernel exploits. Dirty Cow (CVE-2016-5195) affected many kernel versions.
πŸ”’ Sign Up to Submit Flags
🐧

Kernel Whispers

Intermediate
Linux SecurityπŸ† 300 ptsβœ… 0 solves

You have a low-privilege shell on a Linux server. The kernel version is 4.4.0-21. Escalate to root and read /root/flag.txt.

πŸ’‘ Show Hint
Check searchsploit for kernel exploits. Dirty Cow (CVE-2016-5195) affected many kernel versions.
πŸ”’ Sign Up to Submit Flags
πŸ“‘

WiFi Handshake

Advanced
Network SecurityπŸ† 300 ptsβœ… 0 solves

A WPA2 handshake was captured: target.hccapx. The network name is "CyberLab-5G". Crack the passphrase using rockyou.txt. The flag is HS{passphrase}.

πŸ’‘ Show Hint
Use hashcat with mode 2500 (WPA/WPA2). The password is a common English word with numbers appended.
πŸ”’ Sign Up to Submit Flags
πŸ“‘

WiFi Handshake

Advanced
Network SecurityπŸ† 300 ptsβœ… 0 solves

A WPA2 handshake was captured: target.hccapx. The network name is "CyberLab-5G". Crack the passphrase using rockyou.txt. The flag is HS{passphrase}.

πŸ’‘ Show Hint
Use hashcat with mode 2500 (WPA/WPA2). The password is a common English word with numbers appended.
πŸ”’ Sign Up to Submit Flags
πŸ“‘

WiFi Handshake

Advanced
Network SecurityπŸ† 300 ptsβœ… 0 solves

A WPA2 handshake was captured: target.hccapx. The network name is "CyberLab-5G". Crack the passphrase using rockyou.txt. The flag is HS{passphrase}.

πŸ’‘ Show Hint
Use hashcat with mode 2500 (WPA/WPA2). The password is a common English word with numbers appended.
πŸ”’ Sign Up to Submit Flags
πŸ“‘

WiFi Handshake

Advanced
Network SecurityπŸ† 300 ptsβœ… 0 solves

A WPA2 handshake was captured: target.hccapx. The network name is "CyberLab-5G". Crack the passphrase using rockyou.txt. The flag is HS{passphrase}.

πŸ’‘ Show Hint
Use hashcat with mode 2500 (WPA/WPA2). The password is a common English word with numbers appended.
πŸ”’ Sign Up to Submit Flags
πŸ”¬

Memory Forensics

Advanced
Digital ForensicsπŸ† 350 ptsβœ… 0 solves

A memory dump was captured from a suspected compromised workstation. Use Volatility to analyze it. The malware's C2 server IP is the key β€” format: HS{ip_address_no_dots}.

πŸ’‘ Show Hint
Use volatility netscan or connections plugin. Look for suspicious outbound connections to unusual IPs on high ports.
πŸ”’ Sign Up to Submit Flags
πŸ”¬

Memory Forensics

Advanced
Digital ForensicsπŸ† 350 ptsβœ… 0 solves

A memory dump was captured from a suspected compromised workstation. Use Volatility to analyze it. The malware's C2 server IP is the key β€” format: HS{ip_address_no_dots}.

πŸ’‘ Show Hint
Use volatility netscan or connections plugin. Look for suspicious outbound connections to unusual IPs on high ports.
πŸ”’ Sign Up to Submit Flags
πŸ”¬

Memory Forensics

Advanced
Digital ForensicsπŸ† 350 ptsβœ… 0 solves

A memory dump was captured from a suspected compromised workstation. Use Volatility to analyze it. The malware's C2 server IP is the key β€” format: HS{ip_address_no_dots}.

πŸ’‘ Show Hint
Use volatility netscan or connections plugin. Look for suspicious outbound connections to unusual IPs on high ports.
πŸ”’ Sign Up to Submit Flags
πŸ”¬

Memory Forensics

Advanced
Digital ForensicsπŸ† 350 ptsβœ… 0 solves

A memory dump was captured from a suspected compromised workstation. Use Volatility to analyze it. The malware's C2 server IP is the key β€” format: HS{ip_address_no_dots}.

πŸ’‘ Show Hint
Use volatility netscan or connections plugin. Look for suspicious outbound connections to unusual IPs on high ports.
πŸ”’ Sign Up to Submit Flags
πŸ’£

Buffer Overflow 101

Advanced
Binary ExploitationπŸ† 400 ptsβœ… 0 solves

A vulnerable C program accepts user input without bounds checking. Overflow the buffer to overwrite the return address and redirect execution to the win() function at 0x0804848b.

πŸ’‘ Show Hint
Find the offset using a cyclic pattern. gdb-peda or pwndbg will help. The binary is 32-bit.
πŸ”’ Sign Up to Submit Flags
πŸ’£

Buffer Overflow 101

Advanced
Binary ExploitationπŸ† 400 ptsβœ… 0 solves

A vulnerable C program accepts user input without bounds checking. Overflow the buffer to overwrite the return address and redirect execution to the win() function at 0x0804848b.

πŸ’‘ Show Hint
Find the offset using a cyclic pattern. gdb-peda or pwndbg will help. The binary is 32-bit.
πŸ”’ Sign Up to Submit Flags
πŸ’£

Buffer Overflow 101

Advanced
Binary ExploitationπŸ† 400 ptsβœ… 0 solves

A vulnerable C program accepts user input without bounds checking. Overflow the buffer to overwrite the return address and redirect execution to the win() function at 0x0804848b.

πŸ’‘ Show Hint
Find the offset using a cyclic pattern. gdb-peda or pwndbg will help. The binary is 32-bit.
πŸ”’ Sign Up to Submit Flags
πŸ’£

Buffer Overflow 101

Advanced
Binary ExploitationπŸ† 400 ptsβœ… 0 solves

A vulnerable C program accepts user input without bounds checking. Overflow the buffer to overwrite the return address and redirect execution to the win() function at 0x0804848b.

πŸ’‘ Show Hint
Find the offset using a cyclic pattern. gdb-peda or pwndbg will help. The binary is 32-bit.
πŸ”’ Sign Up to Submit Flags

πŸ† Leaderboard

πŸ₯‡
Wael Khwat
0 pts
πŸ₯ˆ
wael
0 pts
πŸ₯‰
Test Admin
0 pts
4
Test Student
0 pts

πŸ–₯️ Quick Terminal

bash
HorizonShield CTF Terminal v1.0 β€” type "help"
$