📊 Challenge Overview

Category	Details	Additional Info
🏆 Event	PicoGym	Event Link
🔰 Category	Web	🌐
💎 Points		Out of 500 total
⭐ Difficulty	🟡 Medium	Personal Rating: ?/10
👤 Author	notdeghost	Profile
🎮 Solves (At the time of flag submission)	1.539	solve rate
📅 Date	20-03-2025	PicoGym
🦾 Solved By	mH4ck3r0n3	Team:

📝 Challenge Information

History has failed us, but no matter.

🎯 Challenge Files & Infrastructure

Provided Files

Files:

•  Attached Files

🔍 Initial Analysis

First Steps

Initially, the website appears as follows:

It looks like a web application that simulates a circuit builder for NAND (NOT AND). This is all I have understood since the entire internal logic is literally built within the challenge.

🎯 Solution Path

Exploitation Steps

Exploitation

The exploit is ridiculously simple, so I don’t think this is the proper way to solve it… but by setting up any type of circuit and trying to submit it, after a few attempts, the check is probably bypassed, and the flag is released. I don’t understand how or why, but apparently, it works as an exploitation method.

Flag capture

🛠️ Exploitation Process

Approach

The automatic exploit runs a while True loop until it receives the flag and extracts it from the response using a regex, then prints it.

•  Exploit

🚩 Flag Capture

Flag

picoCTF{p4ch1nk0_f146_0n3_e947b9d7}

Proof of Execution

Screenshot of successful exploitation

🔧 Tools Used

Tool	Purpose
Python	Exploit

💡 Key Learnings

Time Optimization

• I don’t know, maybe trying to persist?

Skills Improved

• Binary Exploitation
• Reverse Engineering
• Web Exploitation
• Cryptography
• Forensics
• OSINT
• Miscellaneous

📚 References & Resources

Learning Resources

• https://en.wikipedia.org/wiki/NAND_logic

📊 Final Statistics

Created: 20-03-2025 • Last Modified: 20-03-2025 *Author: mH4ck3r0n3 • Team: *