AISEC Finals CTF 2025 Writeups

Writeups for AISEC Finals CTF 2025 challenges

AISEC Finals writeups

Challenge 1: Security_system

Description

Just a web page. The goal was to bypass authentication.

Solution

I don’t recall all the details as the challenge is no longer accessible, but the key was a client-side cookie used for authentication. It was Base64-encoded. I decoded it, understood the structure, and modified the content. That gave me admin access and the flag. Payload used is shown below:

└─$ echo "Tzo2OiJBY2Nlc3MiOjM6e3M6ODoidXNlcm5hbWUiO3M6NToiYWRtaW4iO3M6NzoiaXNBZG1pbiI7YjoxO3M6NzoiY29udGV4dCI7YToyOntzOjQ6ImZsYWciO2I6MTt9fQo=" | base64 -d
O:6:"Access":3:{s:8:"username";s:5:"admin";s:7:"isAdmin";b:1;s:7:"context";a:2:{s:4:"flag";b:1;}}
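
The fix for this class of bug is to make the cookie tamper-evident, or to keep the role server-side. The sketch below is an added example, not code from the challenge or the original post: it contrasts a Base64-only cookie with an HMAC-signed one. The key, the function names and the use of JSON instead of PHP's serialize format are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Assumption: a secret that only the server knows (constructed value).
SECRET = b"constructed-demo-key-not-from-the-challenge"

def issue_unsigned(claims: dict) -> str:
    """Weak pattern: Base64 is an encoding, so any client can rewrite the fields."""
    return base64.b64encode(json.dumps(claims).encode()).decode()

def read_unsigned(cookie: str) -> dict:
    """Trusts whatever the client sends back."""
    return json.loads(base64.b64decode(cookie))

def issue_signed(claims: dict) -> str:
    """Hardened pattern: payload plus an HMAC-SHA256 tag computed with SECRET."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def read_signed(cookie: str):
    """Return the claims only if the tag verifies; otherwise None."""
    body, sep, tag = cookie.partition(".")
    if not sep:
        return None
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; the payload is decoded only after it verifies.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def demo() -> dict:
    user = {"username": "guest", "isAdmin": False}    # constructed sample claims
    edited = {"username": "admin", "isAdmin": True}   # the kind of edit described above
    # Unsigned: the server cannot tell an edited cookie from one it issued.
    weak = read_unsigned(issue_unsigned(edited))
    # Signed: swapping the payload while keeping the old tag fails verification.
    good = issue_signed(user)
    old_tag = good.partition(".")[2]
    new_body = base64.urlsafe_b64encode(json.dumps(edited, sort_keys=True).encode())
    swapped = new_body.decode() + "." + old_tag
    return {"weak_admin": weak["isAdmin"],
            "intact": read_signed(good),
            "tampered": read_signed(swapped)}

if __name__ == "__main__":
    print(demo())
```
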

Flag

CRISIS{.....}

Challenge 2: UDP Puzzle - Forensics

Description

The streams are kinda messy, and since it is called “puzzle”, maybe we have to order them?

Analysis

We’re given a challenge.pcap file with UDP traffic. Looking at the challenge name and the messy streams, it seems like we need to reassemble data from multiple UDP streams in order.

The flag format is CRISIS{...}, so we need to extract and order the packets correctly.

Solution

The approach:

  • Extract the nth UDP packet’s payload (in hex) from each stream with destination port 9999
  • Convert the hex data to raw characters
  • Iterate through positions 1 to 100 to reconstruct the flag

Here’s the bash script I used:

#!/bin/bash

flag=""

for n in {1..100}; do
    char=$(tshark -r challenge.pcap -Y "udp.dstport == 9999" -T fields -e udp.stream -e data.data 2>/dev/null | 
    awk -v pos="$n" '{count[$1]++; if(count[$1] == pos && $2 != "00") print $2}' | 
    xxd -r -p | 
    head -c 1)
    
    # Stop if we hit the closing brace
    if [[ "$char" == "}" ]]; then
        flag+="}"
        break
    fi
    
    # Only append if we got a character
    if [[ -n "$char" ]]; then
        flag+="$char"
    fi
done

echo "$flag"

Running the script:

$ ./nar.sh 
CRISIS{whenever_you_l0st_1_p4cket_you_l0st_a_bit_0f_the_game}

The script uses tshark to extract UDP stream numbers and payload data. For each position, it finds the nth packet in each stream, converts the hex payload to ASCII, and builds the flag character by character until hitting the closing brace.

Flag

CRISIS{whenever_you_l0st_1_p4cket_you_l0st_a_bit_0f_the_game}

This post is licensed under CC BY 4.0 by the author.