🌐 KnightCal
A detailed write-up of the Web challenge 'KnightCal' from KnightCTF - 2025
📊 Challenge Overview
Category | Details | Additional Info |
---|---|---|
🏆 Event | KnightCTF - 2025 | Event Link |
🔰 Category | Web 🌐 | |
💎 Points | 150 | Out of XXXX total |
⭐ Difficulty | 🟢 Easy | Personal Rating: 1/10 |
👤 Author | NomanProdhan | Profile |
🎮 Solves (At the time of flag submission) | 269 | XX% solve rate |
📅 Date | 20-01-2025 | KnightCTF - 2025 Day X |
🦾 Solved By | mH4ck3r0n3 | Team: QnQSec |
📝 Challenge Information
In the realm of ancient codes, only those who enumerate correctly can unveil the hidden flag. Craft your mathematical expressions wisely and uncover the secrets that lie within.
Flag Format: KCTF{FLaG_HeRe}
🎯 Challenge Files & Infrastructure
Provided Files
Files: None
🔍 Initial Analysis
First Steps
Initially, the website appears as follows:
By trying to enter something in the numeric input box and submitting, I get letters in the file name:
So, I assume it’s about finding the correct combination to print the contents of the file `flag.txt`.
🎯 Solution Path
Exploitation Steps
Initial setup
After understanding how it works, I moved on to the exploit, doing a bit of guessing on the letters to figure out which number corresponded to which letter.
Exploitation
After a couple of attempts, I came up with this:
Continuing to experiment, I found the correct combination, `7195`, which allowed me to read the `flag.txt` file.
Flag capture
🛠️ Exploitation Process
Approach
The exploit is very simple: it’s a POST request to the page where I pass the parameter expression=7195, which is the correct combination. Then, I extract the flag from the response text using bs4:
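An offline sketch of the digit enumeration and flag extraction described above, added here and not the author's script. The response format, the `fake_submit` stand-in and every digit-to-letter pair other than 7→f, 1→l, 9→a, 5→g are assumptions, and a regular expression replaces bs4 to keep it dependency-free.

```python
import re

# Constructed digit-to-letter table standing in for the challenge server.
# Only 7->f, 1->l, 9->a, 5->g follow from the write-up; the rest is made up.
CONSTRUCTED_MAP = dict(zip("0123456789", "qlxtkgmfza"))


def fake_submit(expression):
    """Offline substitute for the POST with expression=<digits> (assumed response format)."""
    name = "".join(CONSTRUCTED_MAP[d] for d in expression)
    body = "KCTF{constructed_placeholder}" if name == "flag" else f"{name}.txt not found"
    return f"<html><body><pre>{body}</pre></body></html>"


def learn_mapping(submit):
    """Send each digit once and record which letter appears in the file name."""
    mapping = {}
    for digit in "0123456789":
        match = re.search(r"\b([a-z])\.txt\b", submit(digit))
        if match:
            mapping[match.group(1)] = digit
    return mapping


def encode(stem, mapping):
    """Translate a file name stem into the digits that produce it."""
    missing = sorted(set(stem) - set(mapping))
    if missing:
        raise ValueError(f"no digit observed for letters: {missing}")
    return "".join(mapping[c] for c in stem)


def extract_flag(html):
    """Pull the flag out of the response text; None if it is absent."""
    match = re.search(r"KCTF\{[^}]+\}", html)
    return match.group(0) if match else None


if __name__ == "__main__":
    mapping = learn_mapping(fake_submit)
    expression = encode("flag", mapping)
    print(expression, extract_flag(fake_submit(expression)))
```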
🚩 Flag Capture
Flag
Proof of Execution
🔧 Tools Used
Tool | Purpose |
---|---|
Python | Exploit |
💡 Key Learnings
Skills Improved
- Binary Exploitation
- Reverse Engineering
- Web Exploitation
- Cryptography
- Forensics
- OSINT
- Miscellaneous
📊 Final Statistics
Metric | Value | Notes |
---|---|---|
Time to Solve | 00:04 | From start to flag |
Global Ranking (At the time of flag submission) | 9/445 | Challenge ranking |
Points Earned | 150 | Team contribution |
Created: 20-01-2025 • Last Modified: 20-01-2025 Author: mH4ck3r0n3 • Team: QnQSec