N1CTF2025 web/eezzjs

🌐 web/eezzjs

N1CTF 2025 - Web Challenge

Introduction

This challenge was a joint solve between conflict and siefr3dus.

eezzjs was a web challenge from n1CTF 2025.

It was an Express.js challenge where the aim was to get remote code execution using EJS template rendering.
TL;DR

The challenge involved chaining multiple vulnerabilities to achieve remote code execution:

  1. Exploiting CVE-2025-9288 in sha.js to forge a valid JWT token for admin authentication
  2. Bypassing the file extension filter using path normalization quirks
  3. Leveraging a path traversal vulnerability to upload a malicious EJS template to the views directory
  4. Triggering template rendering via a hidden query parameter to execute arbitrary commands

Challenge Overview

The application contains a file upload functionality, which is locked behind an authentication middleware.

m0leconCTF2025 crypto/Guess Me

Write-up — Challenge Guess Me (m0leconCTF 2025)

Introduction

Guess Me is an authentication challenge that runs 5 rounds of an online protocol. Each round hides a randomly-permuted secret derived from the string m0leCon. The service accepts a hex nonce field that can contain multiple 16-byte nonces concatenated together, plus additional_data, ciphertext and a tag. A subtle combination of a custom PRF, a deterministic stream-cipher-like encryption and a buggy padding check yields a tag oracle that is exploitable to recover the server’s permutation quickly.

m0leconCTF2025 crypto/one-more-bit

🔐 crypto/one-more-bit

m0leconCTF 2025 – Crypto Challenge

Introduction

One More Bit was a crypto challenge worth 50 points. The subtitle gave the hint: “Approximate FHE was a mistake.”
It deals with an approximate homomorphic encryption scheme (CKKS-like), involving scaling and noise, and a JSON API that lets you encrypt two messages, evaluate squares, read decrypted bits… and guess which message the oracle chose in each round.

TL;DR

We exploit the internal floating-point representation: the server “quantizes” a value m into int(round(m * 2^50)), then keeps only the lower 64 bits (two’s complement mask).
Therefore, m and m + 2^14 produce exactly the same 64-bit pattern (since 2^14 × 2^50 = 2^64).
So we send (m0, m1) = (1.0, 1.0 + 2^14) to create two plaintexts that are bitwise indistinguishable — except through the noise introduced by homomorphic operations (especially square).
We then measure bitwise “anomalies” returned by /decrypt and deduce the correct bit.
As a backup, a second strategy uses symmetry (x, -x) then square. The flag is recovered.

m0leconCTF2025 web/magick

🌐 web/magick

m0leconCTF 2025 - Web Challenge

Introduction

magick was one of the first web challenges released during m0leconCTF 2025. It was a medium difficulty challenge, worth 50 points by the end of the competition.

TL;DR

The challenge involved exploiting an ImageMagick convert command injection vulnerability. By leveraging the -write flag and crafting a MIFF polyglot file with embedded PHP code in its comment field, we could bypass exiftool sanitization and achieve remote code execution to retrieve the flag.

music.jpg

We need to analyze a suspicious .wav audio file that contains a hidden message. The challenge title, “It says a lot when there is no music”, suggests that the solution might lie in the absence of sound, which points directly to analyzing the silent parts of the file, especially at the beginning and the end. The puzzle involves uncovering a hidden message by decoding a sequence of numbers derived from the audio data.