Posts tagged #python

10 posts

May 13, 2026 writeup

Alpaca CTF 2026: super-short-python-golf

Escape a 6-char Python eval jail by calling help() to enter pydoc's interactive REPL, then importing jail.py as a module to leak ALPACA_FLAG from the DATA section

#ctf #misc #python

May 9, 2026 writeup

Alpaca CTF 2026: reused-n

Exploit a Common Modulus Attack on RSA with gcd(e1,e2)=2 and recover the flag via integer square root when m² < n

#ctf #cryptography #rsa

May 8, 2026 writeup

Alpaca CTF 2026: Vending Machine

Exploit Python's list.pop(-1) silent fallback: drain an item's stock so find() returns -1, then pop(-1) retrieves the flag character appended at the end of the stock string

#ctf #misc #python

March 9, 2024 writeup

2024 Cyber Apocalypse: Unbreakable

Bypass blacklist filters in Python eval() to read the flag

#htb #ctf #misc

March 9, 2024 writeup

2024 Cyber Apocalypse: Character

Automate character-by-character flag extraction from server using socket programming

#htb #ctf #misc

March 9, 2024 writeup

2024 Cyber Apocalypse: Cubicle Riddle

Construct Python bytecode to find min/max values and answer the cube's riddle

#htb #ctf #misc

March 18, 2023 writeup

2023 Cyber Apocalypse: Nehebkaus Trap

Exploit Python exec() filter bypass using character encoding

#htb #ctf #misc

October 26, 2022 writeup

2022 Hack The Boo: Evaluation Deck

Code injection via unsafe use of Python compile() and exec() in arithmetic evaluation

October 26, 2022 writeup

2022 Hack The Boo: Horror Feeds

SQL injection in user registration leading to authentication bypass and flag theft

October 26, 2022 writeup

2022 Hack The Boo: Spookifier

Server-Side Template Injection (SSTI) in Mako template engine leading to RCE