offical repo : https://github.com/utisss/UTCTF-25
A buffer overflow, but secure. Flag can be accessed at "./flag.txt" By Anthony (@stuckin414141 on discord)
nc challenge.utctf.live 5141
[chal](<https://utctf.live/files/ecbab6c091dbd08cd4f7fe632485e964/chal?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MjZ9.Z9TmeQ.cBEEWP6igtm8-Y4d67I_scWi5o8>)
[Dockerfile](<https://utctf.live/files/7e25f13514006844d6b281aee341e7a6/Dockerfile?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6Mjl9.Z9Tu7w.FojH_8338qDtaFAK9-R5lW0lPeo>)
[start.sh](<https://utctf.live/files/361f37d225a0f82467f12f5cbee5a0f9/start.sh?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MzB9.Z9Tu7w.w1GKdlrMF3gSIP6aaFR0PbCP_UE>)
I bet you can't beat me at tic tac toe.
By Sasha (@kyrili on Discord)
nc challenge.utctf.live 7114
[tictactoe](<https://utctf.live/files/fdcf2c1f275af63931672decad73b047/tictactoe?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MjR9.Z9THQw.JxDtI34jxwKEREWSpIqFJSnhm4Q>)
by pavn
nc challenge.utctf.live 9009
[shellcode](<https://utctf.live/files/c085ed3ef42d64732eaf614c336a4736/shellcode?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MTV9.Z9TF2A.54ulZlZBkXKbdvFcQMPwNp1r_ew>)
[libc-2.23.so](<https://utctf.live/files/d6234d17e1775d71e17a73977bcff22f/libc-2.23.so?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MTZ9.Z9TF2A.r8Sx2d6prmVZTV0wMPyqnuMTbK8>)
Last year, your internship at E-Corp (Evil Corp) ended with a working router RCE exploit. Leadership was very impressed. As a result, we chose to extend a return offer. We used your exploit to get a MiTM position on routers around the world. Now, we want to be able to use that MiTM position to exploit browsers to further our world domination plans! This summer, you will need to exploit Chrome!
One of our vulnerability researchers has discovered a new type confusion bug in Chrome. It turns out, a type confusion can be evoked by calling .confuse() on a PACKED_DOUBLE_ELEMENTS or PACKED_ELEMENTS array. The attached poc.js illustrates an example. You can run it with ./d8 ./poc.js. Once you have an RCE exploit, you will find a file with the flag in the current directory. Good luck and have fun!
By Aadhithya (@aadhi0319 on discord)
nc challenge.utctf.live 6128
[d8](<https://utctf.live/files/5e18cbc19a2f59e364f80436cf79d726/d8?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6OX0.Z9TIHA.KscVFh__wpd0OR0ek7wAwNCtucw>)
[patch](<https://utctf.live/files/63f1428f70366c3f32ff965468080c3a/patch?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MTB9.Z9TIHA.p0VdixKXXiBeKA97ZCVnNabnVxA>)
[poc.js](<https://utctf.live/files/b53ef4829ae8fd3e5d6a620fda8432b6/poc.js?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MTF9.Z9TIHA.OgJAuQkOdLQTns4gvMHBMEjPQew>)
[REVISION](<https://utctf.live/files/70a38f92ad3f494dae4ea830f8c025d3/REVISION?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MTJ9.Z9TNGg.qBl2CB5z3HMCnLpwZ6_jpt1CwXU>)
[snapshot_blob.bin](<https://utctf.live/files/3b50d3e3c6cd79234f5ecd4c9b0aecd7/snapshot_blob.bin?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MTN9.Z9TNGg.CdA6yLXf7m5D3SuDy6xBJWie-eU>)
[args.gn](<https://utctf.live/files/8189c722dfef2e5cbbb72519c58fe222/args.gn?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MTR9.Z9TNGg.g_oYnhrX3e4i3zfknHawT0IYZ9o>)
[start.sh](<https://utctf.live/files/69f5b04af54d5a9786b2b8a294e52981/start.sh?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6Mjd9.Z9Tm6g.Qjbahcic82vx6NHPZVts4tGwztE>)
[Dockerfile](<https://utctf.live/files/1bb7a25c60702477a996778d362f779b/Dockerfile?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6Mjh9.Z9Tm6g.UXW-8p3G5di2o0ifx9cpWnez6_w>)
[server.py](<https://utctf.live/files/0c2059992c3cbecd9b016224ff816357/server.py?token=eyJ1c2VyX2lkIjozNTQsInRlYW1faWQiOjIwOCwiZmlsZV9pZCI6MzJ9.Z9UOMw._twd7hrg50DoaspZ7W3c_m_eMh8>)