Challenge category:
Web Exploitation
Binary Exploitation Cryptography Forensics Miscellaneous Networks Radio Frequency Reverse Engineering Web Exploitation Welcome
babystrechy
50 Points

More byte mean more secure


Although this is a web challenge, the script is ran directly with PHP because it doesn't need to have an HTML website attached. Run the command below to connect!

nc stretchy.chal.irisc.tf 10704
chal.php
By: sera
babycsrf
359 Points

JSONP is a old pattern for getting data into JS, but I heard it's insecure because an attacker can specify code instead of a function name. I solved this problem by not letting you change the name.


For this challenge you will need to submit a URL to the admin bot (a program that runs a browser and directs it to visit your URL, simulating a real person clicking your link). I recommend learning how to use ngrok if you don't know how to expose local solutions to the internet - I've also provided a template server using Python and Flask for your solution.

https://babycsrf-web.chal.irisc.tf
nc babycsrfadminbot.chal.irisc.tf 10705
chal.zip
solve_template.zip
Hint!

The admin's cookie is set with SameSite=None

By: sera
Feeling Tagged
497 Points

Check out my new note service! It supports all the formatting you'll ever need.

Flag is in admin's cookies.

https://tagged-web.chal.irisc.tf/
nc taggedadminbot.chal.irisc.tf 10701
tagged.py
Dockerfile
By: sera
metacalc
498 Points

I ran into this awesome NodeJS spreadsheet library using some custom sandboxing so I tried it out. I even hardened it a bit more. Nothing could ever go wrong

nc metacalc.chal.irisc.tf 10700
metacalc.zip
By: sera
MyCoolSDK
500 Points

I've written a program that let's you encrypt and decrypt strings, but it uses a proprietary closed-source SDK through GitHub Actions. Of course you can fork it and only the magical GitHub black box will be able to see it. So there's no way you could dump the entire SDK... right?


Note: this challenge uses a non-standard flag format, irisCTF{}.

Also after solving, please delete your repository if you fork and make any changes to it so others can't cheat off of your repo.

Hint: this is not a rev challenge. No need to break IDA out for this one.

https://github.com/IrisSec/MyCoolEncryptor/
sdk_server_source.js
By: nope
mokerview
500 Points

Classic bug combo pack


Admin will visit your URL after logging in.

https://mokerview-web.chal.irisc.tf/
nc mokerviewadminbot.chal.irisc.tf 10702
mokerview.py
By: sera
sanitizer
500 Points

What does it truly mean to sanitize something? What is a sanitize? Is this challenge solvable?


Admin bot code is provided, running Chromium at least 109.0

https://sanitizer-web.chal.irisc.tf/
nc sanitizeradminbot.chal.irisc.tf 10703
sanitizer.zip
By: sera