tl;dr

• Whisper model converts audio to text
• text is passed through subprocess and not sanitized
• difficult to generate a command injection through manual voice
• Need to invert the Neural network that will generate the audio file we need
• Implement Gradient descent based inversion to find input for target output.
• Generate the audio file and send, get flag!

tl;dr

• Fuzzing to find the /internal endpoint
• Chaining CVE-2023–24329 and the SSRF in the /okay endpoint to access the internal docker registry host.
• Downloading image blobs using the docker registry API.
• Using CVE-2024-21488 to get RCE on the vec service.
• As the templates directory of the core service is cross-mounted, we can modify the index.html file from vec service to get RCE on the core service.
• Hence we can read the flag from the core service.

tl;dr

• Using brainf*ck to search for flag bytes within a huge tape
• 3 levels with varying constraints to leak flag
• Intended as a code golfing challenge

tl;dr

• Exploit Android Webview Javascript Interface
• Communicate with a Service via AIDL

tl;dr

• Reverse bytearray to recover matrix cflag.
• Use first element of matrix to recover e (bruteforce &iroot)
• Reduce the flag to finite field of a 32-bit prime, solve for each character.

tl;dr

• Challenge involves Reversing, Web, and Crypto
• Reverse the binary to get the endpoints
• Trigger the XSS bug in the website and get admin cookie
• Use Hash Length extension attack to get authenticated as admin and get the flag

tl;dr

• Challenge is a Nintendo GameBoy ROM image.
• Reverse the ROM and figure out the implementation
• Analyze the calling function’s checks to find the path along which we must move.

tl;dr

• Hand-crafting a linux shared object file with a size of less than 194 bytes