Table of Contents
I played WolvCTF 2023 with Invaders0x1 which is held on March 18, 2023. These are the writeups for the solved challenges.
Charlotte's Web
/src is found in source code.
flag will be opened when we resquest /super-secret-route-nobody-will-guess with a PUT method.
Flag : wctf{y0u_h4v3_b33n_my_fr13nd___th4t_1n_1t53lf_1s_4_tr3m3nd0u5_th1ng}
baby-pwn
Attached files baby-pwn.c and baby-pwn.c
Function present in baby-pwn.c
void vuln(void)
{
volatile int a = 0xdeadbeef;
char buff[32] = { 0 };
printf("Gimme some input: ");
fgets(buff, 48, stdin);
if (a != 0xdeadbeef) {
print_flag();
}
}
Trying bufferoverflow input string length of 48 in the remote server.
Flag : wctf{W3lc0me_t0_C0stc0_I_L0v3_Y0u!}
baby-rev
Here is the challenge file baby-rev
Simple **strings** did the thing.
Flag : wctf{Oh10_Stat3_1s_Smelly!}
We Will Rock You
We have to crack password protected zip file
Creating hashes from zip file to make john understands it. 
Cracking the hashes with the john 
Password : michigan4ever
After extracting zip with the password we can find a flag.txt
Flag : wctf{m1cH1g4n_4_3v3R}
yowhatsthepassword
Content of main.py
# I'm thinking of a number from 0 to 2^32 - 1
# Can you guess it?
import random
import base64
def generate(seed):
random.seed(seed)
c = 0
while c != ord('}'):
c = random.randint(97, 126)
print(chr(c), end='')
print()
secret = 'ly9ppw=='
import base64
s = int(input("password? >>> "))
if int(base64.b64decode(secret).hex(), 16) == s:
generate(s)
else:
print('nope')
A simple condition check was done here. The password of should be int(base64.b64decode(secret).hex(), 16)
So, the password is 2536466855
Flag : wctf{ywtp}
escaped
The challenge file jail.py
Content of jail.py
print("Welcome to my `cat` program. Give me a string and I'll output it back.")
code = input("Enter your string (with double quotes) >>> ")
import ast
if code[0] == '"' and code[-1] == '"' and all(ch != '"' for ch in code[1:-1]):
compiled = compile('print("' + eval(code) + '")', "out", mode = "exec")
exec(compiled)
eval() function is capable of evaluating the code what we pass to it. But the print("' + eval(code) + '") is generating the string not the execution of our input code.
Now we have to escape the " in the print() to generate the executed output of the passed input.Out input shouldn’t contain " in the string except at the beginning and end.
The payload can be in this form
The payload to get the flag is "\x22,__import__('os').system('cat flag.txt'),\x22". Here \x22 is interpreted as " this will become print("",__import__('os').system('cat flag.txt'),"". Therefore it will prints the flag.
Flag : wctf{m30w_uwu_:3}
elytra
A text file is given iwon.txt
When we view the contents of the file in raw format we encounter 0xa and 0xd repeatedly.
0xa is "\n" and 0xd is "\r"
When we process it with python we can observe \r in few lines only, so \r is forming a pattern here.
Marking the line as 1 in which \r is appeared if not as 0
This will generate a binary pattern then we can convert it into ascii to obtain the flag.
Solution script
with open("iwon.txt","rb") as f:
pattern = []
for i in f:
if b"\r" in i:
print(i)
pattern.append("1")
else:
pattern.append("0")
binarystring = "".join(pattern)
byte_list = [int(binarystring[i:i+8], 2) for i in range(0, len(binarystring), 8)]
# print(byte_list)
for i in byte_list:
print(chr(i),end="")
Flag : wctf{ggwp}
Dino Trading
This is from forensics category. A pcap file is provided download.pcapng
Analysing traffic with Wireshark. If we follow TCP stream we can see that the parties shared a epicfight.png file.
Exporting FTP-DATA of the packet in which the file has been shared as png
This is the image which was shared on network.
Extracting data from image with steghide
Reading hidden.txt and decoding it from base64
Flag : wctf{an_1mage_in_a_peecap_b64}
WannaFlag I: An Introduction
This challenge is from OSINT challenge series WannaFlag. The given image 
Reverse image search on google.
As the challenge says "read the reviews on google maps". Reading reviews of image https://www.google.com/search?q=The+Cube&kgmid=/g/1yg6ngznr&hl=en-GB&gl=GB#lrd=0x883cae3897494825:0xb2adec7980125508,1,,,,
netcat wanna-flag-i dot wolvctf dot io one three three seven can be converted as nc wanna-flag-i.wolvctf.io 1337.
By connecting to this address we got the first part of the flag. wctf{sp1n
$ nc wanna-flag-i.wolvctf.io 1337
== proof-of-work: disabled ==
Good job finding the Cube! It's a favorite destination among UofM students!
Anyways here is the flag:
wctf{sp1n
Huh???? Where did the rest of the flag g
______
.-" "-.
/ \
_ | | _
( \ |, .-. .-. ,| / )
> "=._ | )(__/ \__)( | _.=" <
(_/"=._"=._ |/ /\ \| _.="_.="\_)
"=._ (_ ^^ _)"_.="
"=\__|IIIIII|__/="")
_.="| \IIIIII/ |"=._
_ _.="_.="\ /"=._"=._ _
( \_.="_.=" `--------` "=._"=._/ )
> _.=" "=._ <
(_/ \_)
______
.-" "-.
/ \
_ | | _
( \ |, .-. .-. ,| / )
> "=._ | )(__/ \__)( | _.=" <
(_/"=._"=._ |/ /\ \| _.="_.="\_)
"=._ (_ ^^ _)"_.="
"=\__|IIIIII|__/="")
_.="| \IIIIII/ |"=._
_ _.="_.="\ /"=._"=._ _
( \_.="_.=" `--------` "=._"=._/ )
> _.=" "=._ <
(_/ \_)
______
.-" "-.
/ \
_ | | _
( \ |, .-. .-. ,| / )
> "=._ | )(__/ \__)( | _.=" <
(_/"=._"=._ |/ /\ \| _.="_.="\_)
"=._ (_ ^^ _)"_.="
"=\__|IIIIII|__/="")
_.="| \IIIIII/ |"=._
_ _.="_.="\ /"=._"=._ _
( \_.="_.=" `--------` "=._"=._/ )
> _.=" "=._ <
(_/ \_)
██╗ ██╗ █████╗ ███╗ ██╗███╗ ██╗ █████╗ ███████╗██╗ █████╗ ██████╗
██║ ██║██╔══██╗████╗ ██║████╗ ██║██╔══██╗██╔════╝██║ ██╔══██╗██╔════╝
██║ █╗ ██║███████║██╔██╗ ██║██╔██╗ ██║███████║█████╗ ██║ ███████║██║ ███╗
██║███╗██║██╔══██║██║╚██╗██║██║╚██╗██║██╔══██║██╔══╝ ██║ ██╔══██║██║ ██║
╚███╔███╔╝██║ ██║██║ ╚████║██║ ╚████║██║ ██║██║ ███████╗██║ ██║╚██████╔╝
╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝
HAHAHHAHAHHAHA Ohhhhh man what an easy CTF to pwn
And I mean also really?? At least make a geo-osint KIND of difficult
The CTF is HOSTED by UofM where else would that dumb cube be????
Oh man ok well organizers if you want your "challenge" back or flags or whatever send 500,000 Goerli here:
0x08f5AF98610aE4B93cD0A856682E6319bF1be8a6
Who knows maybe we'll take more flags if you don't pay in time >:)
#YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs
#YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs
#YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs #YourFlagsBelongToUs
______
.-" "-.
/ \
_ | | _
( \ |, .-. .-. ,| / )
> "=._ | )(__/ \__)( | _.=" <
(_/"=._"=._ |/ /\ \| _.="_.="\_)
"=._ (_ ^^ _)"_.="
"=\__|IIIIII|__/="")
_.="| \IIIIII/ |"=._
_ _.="_.="\ /"=._"=._ _
( \_.="_.=" `--------` "=._"=._/ )
> _.=" "=._ <
(_/ \_)
______
.-" "-.
/ \
_ | | _
( \ |, .-. .-. ,| / )
> "=._ | )(__/ \__)( | _.=" <
(_/"=._"=._ |/ /\ \| _.="_.="\_)
"=._ (_ ^^ _)"_.="
"=\__|IIIIII|__/="")
_.="| \IIIIII/ |"=._
_ _.="_.="\ /"=._"=._ _
( \_.="_.=" `--------` "=._"=._/ )
> _.=" "=._ <
(_/ \_)
______
.-" "-.
/ \
_ | | _
( \ |, .-. .-. ,| / )
> "=._ | )(__/ \__)( | _.=" <
(_/"=._"=._ |/ /\ \| _.="_.="\_)
"=._ (_ ^^ _)"_.="
"=\__|IIIIII|__/="")
_.="| \IIIIII/ |"=._
_ _.="_.="\ /"=._"=._ _
( \_.="_.=" `--------` "=._"=._/ )
> _.=" "=._ <
(_/ \_)
██╗ ██╗ █████╗ ███╗ ██╗███╗ ██╗ █████╗ ███████╗██╗ █████╗ ██████╗
██║ ██║██╔══██╗████╗ ██║████╗ ██║██╔══██╗██╔════╝██║ ██╔══██╗██╔════╝
██║ █╗ ██║███████║██╔██╗ ██║██╔██╗ ██║███████║█████╗ ██║ ███████║██║ ███╗
██║███╗██║██╔══██║██║╚██╗██║██║╚██╗██║██╔══██║██╔══╝ ██║ ██╔══██║██║ ██║
╚███╔███╔╝██║ ██║██║ ╚████║██║ ╚████║██║ ██║██║ ███████╗██║ ██║╚██████╔╝
╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝
██╗ ██╗ █████╗ ███╗ ██╗███╗ ██╗ █████╗ ███████╗██╗ █████╗ ██████╗
██║ ██║██╔══██╗████╗ ██║████╗ ██║██╔══██╗██╔════╝██║ ██╔══██╗██╔════╝
██║ █╗ ██║███████║██╔██╗ ██║██╔██╗ ██║███████║█████╗ ██║ ███████║██║ ███╗
██║███╗██║██╔══██║██║╚██╗██║██║╚██╗██║██╔══██║██╔══╝ ██║ ██╔══██║██║ ██║
╚███╔███╔╝██║ ██║██║ ╚████║██║ ╚████║██║ ██║██║ ███████╗██║ ██║╚██████╔╝
╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝
██╗ ██╗ █████╗ ███╗ ██╗███╗ ██╗ █████╗ ███████╗██╗ █████╗ ██████╗
██║ ██║██╔══██╗████╗ ██║████╗ ██║██╔══██╗██╔════╝██║ ██╔══██╗██╔════╝
██║ █╗ ██║███████║██╔██╗ ██║██╔██╗ ██║███████║█████╗ ██║ ███████║██║ ███╗
██║███╗██║██╔══██║██║╚██╗██║██║╚██╗██║██╔══██║██╔══╝ ██║ ██╔══██║██║ ██║
╚███╔███╔╝██║ ██║██║ ╚████║██║ ╚████║██║ ██║██║ ███████╗██║ ██║╚██████╔╝
╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═══╝╚═╝ ╚═╝╚═╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝
Also all of you John OSINTs on twitter need to leave us alone
In the output they asked to pay pay 500,000 Goerli to the wallet 0x08f5AF98610aE4B93cD0A856682E6319bF1be8a6. I cannot dooo itt..So, i ignored it :).
When we scroll to the last we have John OSINTs on twitter and #YourFlagsBelongToUs. I did a quick twitter search,
Decoding from base64 will give us flag.
$ echo "d2N0Znt1aGhoX3doM3IzX2QxZF80bGxfMHVyX2ZsNGdzX2cwP30=" | base64 -d
wctf{uhhh_wh3r3_d1d_4ll_0ur_fl4gs_g0?}
Flag : wctf{uhhh_wh3r3_d1d_4ll_0ur_fl4gs_g0?}