YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 4 min readBroncoCTF : Unblur me WriteupChallenge A web page at https://broncoctf-unblur-me.chals.io/ presents a "Calculus Review" quiz: Solve 500 derivatives to unblur the image and unlock a secret. Progress: 0 / 500 A blurred image sits 00
YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 5 min readBroncoCTF: Lovely LoginExecutive Summary Lovely Login presents a minimal "Secure Database" login form backed by an Express API at /login. The obvious attack surface — NoSQL operator injection on username/password — turned o00
YPYogesh Peelainexploitnotes.hashnode.dev·7h ago · 5 min readBroncoCTF : The KeyMaster WriteupChallenge No file, no binary — just a URL: https://broncosec.com/BroncoCTF The flag format is given as bronco{XXXX...}. Nothing else. This is an OSINT / web-recon style challenge: the flag is broken 00
YPYogesh Peelainexploitnotes.hashnode.dev·7h ago · 4 min readBronoCTF : LEts a GO WriteupCategory: Forensics / Misc Difficulty: Easy Flag: bronco{3ve4yth1ng_1s_aw3s0me} Challenge We're given lego_bricks_challenge.zip, a 63 KB archive. $ zipinfo lego_bricks_challenge.zip Archive: lego_bri00
YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 2 min readBronoCTF : No Laughing MatterChallenge A single file, aha.txt, containing nothing but space-separated 8-letter "words" made up of only two characters: A and H. $ cat aha.txt AHHAAAHA AHHHAAHA AHHAHHHH AHHAHHHA AHHAAAHH AHHAHHHH A00
YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 5 min readBroncoCTF : Bundle WriteupSummary A .kra-adjacent artifact named Bundle_99 is handed off for analysis. It turns out to be a Krita resource bundle (.bundle) — a plain ZIP archive containing a brush preset (Brush 99.kpp). The .k00
YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 5 min readBroncoCTF : Super Secure ServerExecutive Summary Super Secure Server presents a login form that appears to check a username and password, but does nothing of the sort. The page's own JavaScript fetches the "secret" credentials from00
YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 4 min readBroncoCTF : Spot the difference WriteupChallenge We're given two files, file1.txt and file2.txt, each containing what looks like a long, random blob of letters, digits, and symbols — one character per line. At a glance the two files look i00
YPYogesh Peelainexploitnotes.hashnode.dev·6h ago · 6 min readBroncoCTF : Magic Ways WriteupExecutive Summary challenge.png was a PNG file that had been deliberately mangled at the byte level so that neither the OS, exiftool, nor pngcheck would recognize it as a valid image. The fix required00
YPYogesh Peelainexploitnotes.hashnode.dev·7h ago · 5 min readBroncoCTF : Negative Bread WriteupChallenge We're given a single ELF binary, bank: $ file bank bank: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, not stripped Runni00