🌐 Numberizer
A detailed write-up of the Web challenge 'Numberizer' from NullCon Goa HackIM CTF - 2025
📊 Challenge Overview
Category | Details | Additional Info |
---|---|---|
🏆 Event | Nullcon Goa HackIM 2025 CTF | Event Link |
🔰 Category | Web 🌐 | |
💎 Points | 500 | Out of 500 total |
⭐ Difficulty | 🟢 Easy | Personal Rating: 1/10 |
👤 Author | @gehaxelt | Profile |
🎮 Solves (At the time of flag submission) | 194 | solve rate |
📅 Date | 01-02-2025 | Nullcon Goa HackIM 2025 CTF |
🦾 Solved By | mH4ck3r0n3 | Team: QnQSec |
📝 Challenge Information
Are you good with numbers? http://52.59.124.14:5004
🎯 Challenge Files & Infrastructure
Provided Files
Files: None
🔍 Initial Analysis
First Steps
Initially, the website appears as follows:
Let’s take a look at the source code by clicking on the link:
As we can see, it is written in PHP, and we need to calculate a negative sum in order to access the flag. The numbers entered must be numeric and have a maximum of 4 digits, as we can see from the checks.
🔬 Vulnerability Analysis
Potential Vulnerabilities
- Integer Overflow
🎯 Solution Path
Exploitation Steps
Initial setup
Once we understand that an Integer Overflow can be exploited, the idea is simple: by exceeding the maximum number we cause the overflow, which results in a negative number.
Exploitation
The exploit consists of sending numbers like 9e99, which is equivalent to 9^99. Since the maximum number of digits allowed is 4, by exploiting the exponential notation we can trigger the integer overflow. As a result, we obtain the flag.
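The length-plus-numeric check described above, set beside a stricter validator, as an added example (not the challenge's source, which this page does not reproduce). The function names and sample inputs are constructed for illustration.

```php
<?php
// Added example: function names and sample inputs are constructed.
// The challenge's real source is not shown on this page.

// Weak gate: the two conditions the write-up describes
// (at most 4 characters, and "numeric" by PHP's definition).
function weak_accepts(string $s): bool
{
    return strlen($s) <= 4 && is_numeric($s);
}

// Strict gate: 1 to 4 ASCII decimal digits and nothing else.
// Returns the parsed value (0..9999) or null when rejected.
function strict_parse(string $s): ?int
{
    if ($s === '' || strlen($s) > 4 || !ctype_digit($s)) {
        return null;
    }
    return (int) $s;
}

// Sum that throws instead of letting PHP silently promote the result to float.
function checked_sum(array $values): int
{
    $sum = 0;
    foreach ($values as $v) {
        if ($v > PHP_INT_MAX - $sum) {
            throw new OverflowException('sum exceeds PHP_INT_MAX');
        }
        $sum += $v;
    }
    return $sum;
}

// Constructed inputs: plain digits, exponent notation, whitespace, sign, fraction.
$samples = ['1234', '9e99', '1e3', ' 12', '-5', '.5', '12345'];
$accepted = [];
foreach ($samples as $s) {
    $parsed = strict_parse($s);
    printf("%-8s weak=%-5s strict=%s\n",
        var_export($s, true),
        var_export(weak_accepts($s), true),
        var_export($parsed, true));
    if ($parsed !== null) {
        $accepted[] = $parsed;
    }
}
printf("sum of strictly validated values: %d\n", checked_sum($accepted));
```

The weak gate passes every sample that `is_numeric()` treats as a number within four characters, including exponent notation, while the strict gate bounds each value to 0..9999 so the sum cannot leave the integer range.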
Flag capture
🛠️ Exploitation Process
Approach
The exploit follows the same procedure mentioned above and extracts the flag using a regex.
🚩 Flag Capture
Flag
Proof of Execution
🔧 Tools Used
Tool | Purpose |
---|---|
Python | Exploit |
💡 Key Learnings
Skills Improved
- Binary Exploitation
- Reverse Engineering
- Web Exploitation
- Cryptography
- Forensics
- OSINT
- Miscellaneous
📊 Final Statistics
Metric | Value | Notes |
---|---|---|
Time to Solve | 00:01 | From start to flag |
Global Ranking (At the time of flag submission) | 27/686 | Challenge ranking |
Points Earned | 500 | Team contribution |
Created: 01-02-2025 • Last Modified: 01-02-2025 Author: mH4ck3r0n3 • Team: QnQSec