The Swappage Playground

Because in the end, what does matter is having fun.

CSAW CTF 2015: Lawn Care Simulator

It’s CTF season! CSAW CTF, one of the funniest CTFs, which takes place every year in September, ended this weekend. Here is a writeup for one of the web challenges provided during the contest.

This 200-point challenge was a web application running a nicely useless piece of JavaScript for “growing lawn”, and it provided all the typical features of a standard web application, including registration and login.

The objective of this challenge was to log in as admin.


This 200-point challenge was a really nice JavaScript and client-side security task.

The website allowed users to register and, after login, to write some text in a text area and save it for later display.

Another function available on the website was the ability to submit a URL for review by the site administrator (a sort of whistleblowing-like platform).

The objective of the task was to steal the content of the administrator's secret textarea.

PoliCTF 2015: John the Referee

Wow, it’s been a long time since my last writeup. This weekend my friends at the vulnhub-ctf team and I took part in PoliCTF, and here is my writeup of this nice web challenge. Make sure to read all our writeups at our VulnHub-CTF Team Blog.

John the referee was a 150-point web challenge with some crypto added to the recipe :)

The web application looked like a shop selling different types of T-shirts, and our objective was to discover a hidden item in the shop.

GITS 2015: CloudFS

This CTF was what I’d call a humbling experience. It was an absolutely great contest, don’t get me wrong, but damn, it was hard! Since I’m not a CTF veteran, let me say that I learned an important thing: “There is no limit to the evilness people can put in their effort of creating challenging puzzles”.

HackIM CTF 2015: Forensics 1

This is the first and supposedly easier forensics problem in the NullCon CTF 2015.

We were provided with a pcap file and were asked to identify the hideout of a wanted suspect.

Advent 2014 Day 21 : Otp

otp was a nice (and painful) web challenge in the advent calendar CTF 2014.

We were provided with the source code of the web application and with a URL: the objective was to successfully log in to the website to get the flag.

picoCTF 2014: Tick Tock

Math, math, and more math! :)

There was a lot of math in this picoCTF, and Tick Tock was a pretty cool one.

The problem was under the reverse engineering category, but it was definitely more math related than reverse engineering, as all you had to understand in terms of reversing was what the Python script was doing.

picoCTF 2014: Steve’s List

Steve’s List was a 200-point master challenge mostly focused on web exploitation, but also with a little crypto inside.

The problem stated

So we were playing with a defaced website, we had the web server, a backup archive containing the source for a white box analysis and a flag to read.