Forensics: Rexer This is what the challenge says: 1 2 3 4 5 6 7 The pattern is the key. \w*(3).+(T).*([s]).+(g).*([NT]r).*(u).+(L)\w+(Sm).*(N).*}$ asonV3l113UYnrvTfeJpsaeR}ZkJRvA{ThKgr730gnwWhYgVnNTSuhbpJ_BPn7Q8Q7mLnTrc_S3_p3zpFV8Fmm0hrUbvt_24upiqAt7ugXuhbpJ_BPn7Q8Q7mLq8qsSml4Sl4xmw1ON} \2OREO\9{\8\6\4\4\7\1_\3\5\6\4\4\7\1} The first pattern selects parts within the string (second line). Then, the third line re-assembles the selected groups to form the flag. At first, I tried to use ChatGPT to help me out with the regexp. It didn’t work out well and I used Regex101. This website is very convenient.

Hidden in Brucon “It appears a flag has hidden itself inside the brucon logo, can you retrieve it?” A file named brucon.jpg is provided. The solution was very easy: 1 2 $ file brucon.jpg brucon.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "TOREON{4lw4Ys_CHeck_MEt4Dat4}", progressive, precision 8, 842x595, components 3 Flag: TOREON{4lw4Ys_CHeck_MEt4Dat4} Hidden inside the House 1 One day, I got an email from a friend containing a picture.

This is a write-up for BruCON CTF Web and DNS challenges Web: Baby LFI The description says: “Local File Inclusions are so cool! Can you get the flag at /flag.txt?” and leads to a web page which shows this piece of PHP code: 1 <?php isset($_GET['file']) ? include_once($_GET['file']) : highlight_file('index.php') ?> I tried http://URL/?file=flag.txt which returned several interesting warning messages. 1 2 3 Warning: include_once(flag.txt): Failed to open stream: No such file or directory in /var/www/html/index.