Eat the Cake! [rev, 641 solvers] TLDR; Simple re challenge written in C++, which checks every character of the input. Despite used language, it's easily reversible doing only static analysis.
At the start of the challenge I was given one file called cake.exe. Quick file check revealed that it’s UPX packed binary. To unpack it I used standard tool available in kali repositories:
➜ upx -d cake.exe Ultimate Packer for eXecutables Copyright (C) 1996 - 2018 UPX 3.
solar-energy TLDR; Solr query injection, which lead to file read.
On the previous weekend I played nullcon HackIM 2020 CTF. In the end our team managed to take 2nd place. There was couple of interesting challenges and one of them was challenge involving Apache Solr, software which I don’t have too much expirience with. I heavily used Burp and Hackvertor extension, that helped me with URL encoding (these ‘<@urlencode>’ tags in the requests).