YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 5 min readBroncoCTF: Lovely LoginExecutive Summary Lovely Login presents a minimal "Secure Database" login form backed by an Express API at /login. The obvious attack surface — NoSQL operator injection on username/password — turned o00
YPYogesh Peelainexploitnotes.hashnode.dev·7h ago · 5 min readBroncoCTF : The KeyMaster WriteupChallenge No file, no binary — just a URL: https://broncosec.com/BroncoCTF The flag format is given as bronco{XXXX...}. Nothing else. This is an OSINT / web-recon style challenge: the flag is broken 00
YPYogesh Peelainexploitnotes.hashnode.dev·7h ago · 4 min readBronoCTF : LEts a GO WriteupCategory: Forensics / Misc Difficulty: Easy Flag: bronco{3ve4yth1ng_1s_aw3s0me} Challenge We're given lego_bricks_challenge.zip, a 63 KB archive. $ zipinfo lego_bricks_challenge.zip Archive: lego_bri00
YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 2 min readBronoCTF : No Laughing MatterChallenge A single file, aha.txt, containing nothing but space-separated 8-letter "words" made up of only two characters: A and H. $ cat aha.txt AHHAAAHA AHHHAAHA AHHAHHHH AHHAHHHA AHHAAAHH AHHAHHHH A00
YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 5 min readBroncoCTF : Bundle WriteupSummary A .kra-adjacent artifact named Bundle_99 is handed off for analysis. It turns out to be a Krita resource bundle (.bundle) — a plain ZIP archive containing a brush preset (Brush 99.kpp). The .k00
YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 6 min readBroncoCTF : Magic Ways WriteupExecutive Summary challenge.png was a PNG file that had been deliberately mangled at the byte level so that neither the OS, exiftool, nor pngcheck would recognize it as a valid image. The fix required00