Post

Polycc CTF PRE-Q 2025

Reverse Engineering Walkthrough and Web Exploitation

Polycc CTF PRE-Q 2025

🧩 Reverse Engineering

Checker 1 🧩

1
2
3
4
5
6
7
8
9
(luna@faris)-[~/Downloads]
$ strings flag_checker1.exe
PTE1
u+UH         Reverse Engineering
***********************************
* FLAG CHECKER v1.1             *
Enter the secret key to reveal the encoded flag:
Q1RGQ1d7QmFzZTY0XhpZGVZXzl0fQ==
reveal

Given file name flag_checker1.exe Doing static analysis by using strings command we noticed there is base64 encoding go to cyberchef and decode get the flag.

1
Flag:CTFCW{Base64_hides_it}

Flag Checker v2 🧩

1
2
3
4
5
6
7
(redswiss@faris)-[~/Downloads]
$ strings flag_checker_v2\(1\).exe
UPX!
PWG6
; P71
Y*X^
Ip/lib6/

Doing a static analysis using strings command noticing the UPX! words showing this exe file been compressed with upx.

1
2
3
4
5
6
7
8
9
10
11
(luna@faris)-[~/Downloads]
$ upx -d flag_checker_v2\(1\).exe
                       Ultimate Packer for executables
                          Copyright (C) 1996 - 2024
UPX 4.2.4        Markus Oberhumer, Laszlo Molnar & John Reiser   May 9th 2024

        File size   Ratio   Format   Name
   --------------------   ------   ------   ----------
    32199 <-   10292   31.96%   linux/amd64   flag_checker_v2(1).exe

Unpacked 1 file.

Use upx -d to decompress the file.

1
2
3
4
5
6
7
8
9
10
11
12
13
********************************************
* FLAG CHECKER v2.0            *
Enter the secret phrase to reveal the encoded flag:
Q1RGQ1d7dXBBX3NvX2dvb2R9
unpack_me
Correct phrase!
Encoded Flag:
Remember to check string first
Incorrect phrase. The key might be hidden ...
basic_string: construction from null is not valid
;*3$"
zPLR
GCC: (Debian 14.2.0-16) 14.2.0

Throw the Q1RGQ1d7dXBBX3NvX2dvb2R9 to cyberchef and get the flag.

1
 FLAG: ctfcw{upx_so_good}

CAN YOU FIND THE KEYWORD 🗝️

Description : Find The keyword inside

1
2
3
4
5
6
7
8
9
10
11
12
13
14
(luna@faris)-[~/Downloads]
$ strings canyoufindme.exe
!This program cannot be run in DOS mode.
.text
P`.data
.rdata
0@/4
_Jv_RegisterClasses
Enter the password:
%99s
no_password
Correct! Here's your flag: ctfw (%s)
Wrong password.
Mingw runtime failure:

When we use the string method noticing the there is no_password showing because its storing as a plain C string. can u

1
FLAG : ctfcw{no_password}

MATH_GURU 🧬

Description : You need to solve the equation and get the flag.

Hint:Find the Equation First

can u
Open the exe file with ghidra and make an analysis on main section and local_14 was initilaizing by the input make by user and on line 10 its comparing the local_14 that based on user input and compare to the 0x85 in decimal was equal to 133 and if its right it will print the flag if not equal to 133 it will print out Nope! try again.

can u

1
FLAG: ctfcw{133}

EASY PASSKEY

Description: Find the Passkey and get the flag.. inside the program Hint : You can always bypass

can u

Throw the exe file and get the flag.

HIDDEN IN PLAIN SIGHT (WEB EXPLOITATION 🌐🕵️‍♀️)

Description :A junior developer left a comment in the code while testing something. Unfortunately, it made its way to production.

They claim it’s harmless, but you know better. Inspect everything carefully - maybe there’s a way to trigger something unexpected and get the flag in the search page

can u Inspect the source code we can see there is path showing as comment go to this path and get the flag. alt text

1
FLAG: ctfcw{reflected_xss_master}

CRYPTOGRAPHY 🔑

Description: Inside the envelope, you find another photo. On the back of it, there are some strange symbols. Some of them look like letters you’ve seen before, but the way they are arranged doesn’t make any sense. It doesn’t seem to match any code or language you know.

alt text

This was national flag so I look up for a national flag decoder and have showing me this and copy the flag and get the flag.

alt text

1
FLAG: ctfcw{NAVYSIGNALCODE}
This post is licensed under CC BY 4.0 by the author.