[Intro][PwnMe 2023][OSINT] Social Media Goes Brrrr

Introduction This challenge is an OSINT challenge from the PWNME CTF. Context explanation John Droper is a Franco-British individual who leaves an enormous digital footprint. (Note: He speaks both English and French, and some information can only be found through one of these languages.) Directive You have to find one of his main social media Solution Here we have only one piece of information about the person: his name. So we will have to search for it on the internet....

May 7, 2023 · 1 min · HitCat

[Intro][PwnMe 2023][Web] Tree Viewer

Introduction This is a WEB challenge from the PWNME CTF. Context Explanation Here, you can check the content present on the server. Prompt Find a way to abuse this functionality and read the contents of the flag.txt file. Solution This is the challenge homepage. What I noticed immediately is the <?= shell_exec('ls '.$parsed); ?> present in the source code. If we can control the $parsed variable, we can execute commands....

May 7, 2023 · 1 min · HitCat

[Easy][PwnMe 2023][OSINT] Newbie Dev

Introduction This challenge is an OSINT challenge from PWNME CTF. Context Explanation To understand the context of the challenge, refer to the introduction challenge description. Task As a budding developer, find information about this undeveloped passion. Solution On John Droper’s Facebook profile, we can see that he has a username: jdthetraveller. We keep this in mind for later. On his feed, we have information about his username. He says that he chose it on AFNIC, which is a domain name registry solution....

May 7, 2023 · 2 min · HitCat

[Easy][PwnMe 2023][Web] QRDoor Code

Introduction This challenge is a WEB challenge from the PWNME 2023 CTF. Background explanation A company needs a website to generate a QR Code. They asked a freelancer to do this work. Since the website went live, they have noticed strange behavior on their server. They need your help to audit their code and help them solve their problem. Directive The flag is located in /app/flag.txt. Solution The website’s sources are available for download here....

May 7, 2023 · 4 min · HitCat

[Medium][PwnMe 2023][OSINT] French Dream

Introduction This challenge is an OSINT challenge from the PWNME CTF. Background explanation To understand the context of the challenge, look at the description of the introductory challenge. Directive John is French-English but lives in France, and his life is almost entirely available on the internet. Find the city where he lives, the username of his current girlfriend, and the maiden name of his ex. OSINT must remain passive, and any interaction is strongly prohibited....

May 7, 2023 · 5 min · HitCat

[Medium][PwnMe 2023][Web] Beat me!

Introduction This challenge is a WEB challenge from the PWNME 2023 CTF. Context explanation A pro player challenges you in a new game. They have spent a lot of time on it and achieved an extremely high score. Directive Your goal is to beat them by any means necessary. Solution The challenge is a game where you must move a ship to avoid shots and fire at enemies. The player you must beat is Eteck, the challenge creator, who has a score of 1337420....

May 7, 2023 · 2 min · HitCat

[Medium][PwnMe 2023][OSINT] Europe

Introduction This challenge is an OSINT challenge from the PWNME CTF. Context explanation To understand the context of the challenge, look at the description of the introduction challenge. Directive John loves adventure and travel. Can you give me the 3 cities he visited during his trip to Europe? Flag format PWNME{city1_city2_city3} Cities in lowercase and in alphabetical order, separated by an “_”. Solution On John Droper’s GitHub, droperkingjohn, on one of his commits, we can see that he removed part of his index....

May 7, 2023 · 5 min · HitCat

[Medium][PwnMe 2023][Web] Anozer Blog

Introduction This challenge is a WEB challenge from the PWNME CTF. Context Explanation A company needs a website to generate a QR Code. They asked a freelancer to do the job. Since the website went live, they noticed strange behavior on their server. They need you to audit their code and help them fix their problem. Directive The flag is located in /app/flag.txt. Solution The web application to test is a blog that allows you to create articles and display them....

May 7, 2023 · 7 min · HitCat