Writeup: Microsoft Axel - upCTF (Web)

Overview: GhostDrop is a Flask web application that lets users fetch files from URLs using the axel download accelerator and later download them. The app has two main endpoints:
* POST /fetch - Takes a URL, runs axel to download the file into /app/files/
* GET /download/<path:filename>

Feri Harjulianto
CTF

Writeup: 0day on ipaddress - upCTF (Web)

Overview The challenge provides a Flask web application that wraps an "nmap" scanning tool. Users supply an IP address (and optional port) via the /check endpoint, which gets passed into a shell command. The goal is to achieve command injection to read the flag file. Source Code Analysis

Feri Harjulianto
CTF

Writeup: Wasmbler - upCTF (Reverse)

Overview The challenge presents a web page at http://46.225.117.62:30023 with an input field for the flag. Validation is performed entirely client-side using WebAssembly (WASM) via the exported check_flag function. <script src="challenge.js"></script> <script> function

Feri Harjulianto
CTF

Writeup: Minecraft Enterprise Edition - upCTF (Reverse)

Challenge Description My company recently acquired a limited number of Minecraft Enterprise Edition keys to reward top-performing employees. Sadly, I didn't make the cut. I managed to get my hands on the internal activation program they use to validate these licenses. Will you help me go around management

Feri Harjulianto
CTF

Writeup: Old Calculator - upCTF (Reverse)

Challenge Found my old TI in a box of high school stuff. Weird, there's a program on here I don't remember installing. Wrap the code in upCTF{...} We're given a single file: PROG.8xp - a TI-83/84 calculator program. Flag upCTF{1F41L3DC4LCF0RTH1S} Analysis

Feri Harjulianto
CTF

Writeup: Locked Temple - upCTF (Reverse)

Challenge Step on the pressure plates with the perfect 8 plate sequence. If you prove worthy, the door will open and the ultimate golden prize will be revealed to you. Pressure plate order follows this representation: Flag format: upCTF{PlateOrder_SECRETDIGIT} Solution Initial Analysis $ file locked_temple locked_temple: ELF

Feri Harjulianto
CTF

Writeup: Inconspicuous Program - upCTF (Reverse)

Challenge Description I found this file on one of our servers and even though its presence is suspicious there doesn't seem to be anything of note about it. Category: Pwn / Reverse Engineering Flag: upCTF{I_w4s_!a110wed_t0_write_m4lw4r3} Analysis We're given a single ELF

Feri Harjulianto
CTF

Writeup: Hidden Signal - upCTF (Crypto)

Challenge A leaked password database. The data looks random. It isn't. Find the signal. Flag: upCTF{m4rk0v_w4s_h3r3_4ll_4l0ng} Analysis We're given passwords.txt — a file with 4000 lines of what appears to be random uppercase letters, each line thousands of characters long. YSOTUIQJZKSTWJLQXNRXKTIAJDGEWRXPPUOQZZUB.

Feri Harjulianto
Crypto