This is a write-up for BruCON CTF Web and DNS challenges Web: Baby LFI The description says: “Local File Inclusions are so cool! Can you get the flag at /flag.txt?” and leads to a web page which shows this piece of PHP code: 1 <?php isset($_GET['file']) ? include_once($_GET['file']) : highlight_file('index.php') ?> I tried http://URL/?file=flag.txt which returned several interesting warning messages. 1 2 3 Warning: include_once(flag.txt): Failed to open stream: No such file or directory in /var/www/html/index.

Troopers conference is known for its fabulous hardware badges. This year, we were given an ESP32-base badge. In an workshop, we could solder a Shitty-Addon with colored LEDs and a connector for a remote control. In addition, the badge was featuring 2 challenges. Similar to CTF-challenges, when solved, the challenges would give you a token, you’d submit the token on a local troopers website, and get raffle tickets after a given number of points.

Description This challenge was in the Misc category. 1 2 3 4 5 6 7 8 9 While travelling to a conference in Paris, Herlock Sholmès sees a troubled police inspector. After asking him what was his problem, the inspector tells Herclock that he is trying to understand how two spies communicate with each other. Once every week both spies get on the Eiffel tower, but never get in speaking distance of each other.