Hidden in Brucon “It appears a flag has hidden itself inside the brucon logo, can you retrieve it?” A file named brucon.jpg is provided. The solution was very easy: 1 2 $ file brucon.jpg brucon.jpg: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, comment: "TOREON{4lw4Ys_CHeck_MEt4Dat4}", progressive, precision 8, 842x595, components 3 Flag: TOREON{4lw4Ys_CHeck_MEt4Dat4} Hidden inside the House 1 One day, I got an email from a friend containing a picture.

This is a write-up for BruCON CTF Web and DNS challenges Web: Baby LFI The description says: “Local File Inclusions are so cool! Can you get the flag at /flag.txt?” and leads to a web page which shows this piece of PHP code: 1 <?php isset($_GET['file']) ? include_once($_GET['file']) : highlight_file('index.php') ?> I tried http://URL/?file=flag.txt which returned several interesting warning messages. 1 2 3 Warning: include_once(flag.txt): Failed to open stream: No such file or directory in /var/www/html/index.

Troopers conference is known for its fabulous hardware badges. This year, we were given an ESP32-base badge. In an workshop, we could solder a Shitty-Addon with colored LEDs and a connector for a remote control. In addition, the badge was featuring 2 challenges. Similar to CTF-challenges, when solved, the challenges would give you a token, you’d submit the token on a local troopers website, and get raffle tickets after a given number of points.