RITSEC CTF 2025 Writeup
Competed solo under the parakavia team name. Solved 22 out of 47 visible challenges, ranked 12th out of 306 teams with 6863 points (1st place team got 15759).

Challenge name | One-liner reminder | Category, solved (✅), points |
---|---|---|
Rope | ? don’t remember | forensics, ✅ 100 |
Intercepted Transmission | pcap inspection ? | forensics, ✅ 281 |
?????man | pdf which contains hex encoded jscript, which contains b64 that needs to be decoded using an ecmascript implementation | forensics, 471 |
Aliens Actually Listen To This?????? | mp3 audio spectrogram which needs to be aligned with a midi file whose tempo is misaligned | forensics, 481 |
Pentest Forensics | ???? write up not allowed | forensics, 493 |
Welcome to RITSEC CTF | free | ✅ 100 |
Feedback | free | ✅ 100 |
Puzzles! - 1 | manually solving puzzles? | misc, ✅ 100 |
Puzzles! - 2 | manually solving puzzles? | misc, 496 |
Alien Encryption - 1 | md5 db | crypto, ✅ 100 |
Alien Encryption - 2 | md5 db + planet wordlists | crypto, ✅ 116 |
Alien Encryption - 3 | md5 space object wordlists with non-alphanum | crypto, 500 |
Alien Encryption 101 | Basic RSA | crypto, ✅ 100 |
Cuwves 2 Electric Boogaloo | Basic elliptic curve | crypto, ✅ 293 |
Mothership | Basic crypto implementation | crypto, ✅ 433 |
Leaky zkp | ???? write up not allowed | crypto, 489 |
Bitstream Breach | ???? | crypto, 499 |
Shaking My Temple | z3 solver | crypto, 500 |
A space odyssey | ???? | crypto, 500 |
Alien Encryption 102 | ???? | crypto, 500 |
Moving money | bitcoin test range | misc, ✅ 155 |
UFO | 3D model inspection in Blender | misc, ✅ 310 |
Strike Team Biometrics | Basic statistical classification (used random forest) | misc, ✅ 400 |
Alien’s First Commit | GitHub user name search is not good with spaces, i.e. username BingusQuatuam will not show up with Bingus or Quatuam queries. The alien made a commit in one of RITSEC’s repos | misc, ✅ 471 |
Extraterrestrial Echelon | Alien language font, wordplays on social media that point to specific posts/videos | misc, 486 |
Discovering Chess | Moves to black square 1, white square 0 | misc, 489 |
Alien Probe Signals | ???? | misc, 498 |
Virtual ?????? | denylist on some powerful functions in Node.js, which could be circumvented with string concatenation | web, ✅ 419 |
Cosmic Pathways | GraphQL fuzzing and guessing | web, ✅ 454 |
Upload Issues | CPIO files can contain relative paths | web, ✅ 483 |
Upload Issues 2 | tar.gz files can contain symlinks | web, ✅ 495 |
Hyperlane Network | GraphQL fuzzing and guessing, mutation, specific HTTP header type | web, 500 |
Stonks | ???? | web, 500 |
*** Burger | Called function pointers controllable directly from user input | pwn, ✅ 467 |
Examination Station | ???? | pwn, 498 |
Starship Registration | ???? | pwn, 499 |
Hashmatch | ???? | pwn, 499 |
Zogulon Traces | Binary patching, traces in data section, brute force to find the correct payload | rev, ✅ 494 |
Minesweeper | Static game state, secret unreachable winning function, binary patching, encrypted payloads, stegsolve | rev, ✅ 498 |
Noisy | ???? | rev, 500 |
Unconventional | ???? | rev, 500 |
Lunar Lunacy | ???? | rev, 500 |
Shrimple | Math to find factors, ([]<[[]]) can be an integer in Python, charset and length limit, stegsolve | misc, ✅ 494 |
S.E.T.I. | ???? | misc, 496 |
Well Documented | ???? | misc, 500 |
Meowjail | ???? | misc, 500 |
Well Documented Revenge | ???? | misc, 500 |