https://github.com/potreic/write-up-tpw-ctf-2024

CTF walkthrough solutions: web exploits (XXE Injection), binary overflows, cracking ciphers, and detecting in digital forensics. Break challenges & cat data.txt | grep flags! 🎯

binary-exploitation capture-the-flag cryptography cybersecurity digital-forensics web-exploitation


# Write-Ups TPW CTF 2024 🚨

Welcome to the **CTF Write-Up Repository**! This is a guide for solving various Capture The Flag (CTF) challenges. Whether you're learning, practicing, or just curious, I've written detailed step-by-step solutions to help you understand and tackle each challenge.

## Repository Structure 📂

Here's how the repository is laid out:

- **webex/**
Learn about **XML External Entity (XXE) Injection**. This involves exploiting vulnerabilities in XML parsers to access sensitive server data. 🛠️

- **binex/**
Dive into **binary exploitation** challenges. Specifically, we cover integer overflow issues, where adding two positive numbers (`n1 > 0` and `n2 > 0`) somehow gives you a negative result. 🤔

- **crypto/**
Crack some codes with classic cryptographic techniques. This section includes challenges like brute-forcing Caesar ciphers and understanding how simple encryption works. 🔑

- **forensic/**
Analyze corrupted hex data and TCP captures to uncover hidden information. Put your detective skills to the test. 🕵️‍♂️

> **Note:** Each directory comes with its own `README.md` explaining the challenge in detail **AND** includes a challenge file or source code so you can try breaking it yourself. Perfect for hands-on learning! 💻✨

---

## What's in Each Section? 🤓

### Web Exploitation (`webex`)
This section dives into **XXE Injection**, a vulnerability that can expose files or system information via XML parsing. You'll learn to craft payloads to exploit this vulnerability and understand how it works step by step.

### Binary Exploitation (`binex`)
Binary exploitation challenges here revolve around **integer overflow**, where numbers don't behave as they should due to computational limits. This section explains how to detect the vulnerability and write an exploit for it.

### Cryptography (`crypto`)
This section focuses on cracking encryption schemes like **Caesar ciphers**. The walkthroughs will show you how to script a brute-force attack and decode the flag.

### Forensics (`forensic`)
In this section, you'll analyze corrupted hex files or dissect TCP packet captures to recover hidden data. The walkthroughs explain tools and methods to get to the solution.

---

## How to Use This Repository 🚀

1. Pick a category from the list above and go to its folder.
2. Read the `README.md` for an explanation of the challenge and the solution.
3. Try solving the included challenge files or source code to test your skills.
4. Refer to the write-ups if you get stuck or want to understand the approach better.

---

## A Quick Heads-Up ⚠️

This repository is purely for **learning** and **practice**. It's meant to help you sharpen your cybersecurity skills in a safe environment. Always remember: **don't use these techniques outside CTFs or without proper authorization**. Play fair and stay ethical!

---

๐Ÿ›ก๏ธ๐Ÿค– Happy Hacking, Fellas!๐Ÿ•ต๏ธโ€โ™‚๏ธ๐Ÿ”’