Pachinko
A detailed write-up of the Web challenge 'Pachinko' from PicoCTF - 2025
Challenge Overview
Category | Details | Additional Info |
---|---|---|
Event | PicoGym | Event Link |
Category | Web | |
Points | | Out of 500 total |
Difficulty | Medium | Personal Rating: ?/10 |
Author | notdeghost | Profile |
Solves (At the time of flag submission) | 1.539 | solve rate |
Date | 20-03-2025 | PicoGym |
Solved By | mH4ck3r0n3 | Team: |
Challenge Information
History has failed us, but no matter.
Challenge Files & Infrastructure
Provided Files
Files:
Initial Analysis
First Steps
Initially, the website appears as follows:
It looks like a web application that simulates a circuit builder for NAND (NOT AND). This is all I have understood since the entire internal logic is literally built within the challenge.
Solution Path
Exploitation Steps
Exploitation
The exploit is ridiculously simple, so I don’t think this is the proper way to solve it… but by setting up any type of circuit and trying to submit it, after a few attempts, the check is probably bypassed, and the flag is released. I don’t understand how or why, but apparently, it works as an exploitation method.
Flag capture
Exploitation Process
Approach
The automatic exploit runs a `while True` loop until it receives the flag and extracts it from the response using a regex, then prints it.
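The retry-and-extract loop described above, as an added example; it is not the author's script, which does not appear on this page. The `submit` callable, the simulated service, its JSON response shape and the `picoCTF{constructed_example}` value are all constructed assumptions, and the loop is bounded rather than a bare `while True`.

```python
import random
import re
from typing import Callable, Optional, Tuple

# Flag format taken from the flag shown on this page: picoCTF{...}
FLAG_RE = re.compile(r"picoCTF\{[^}]+\}")


def extract_flag(body: str) -> Optional[str]:
    """Return the first picoCTF{...} token in a response body, or None."""
    match = FLAG_RE.search(body)
    return match.group(0) if match else None


def submit_until_flag(submit: Callable[[], str],
                      max_attempts: int = 200) -> Tuple[Optional[str], int]:
    """Call submit() until a flag appears; return (flag, attempts_used).

    Bounded, unlike a bare `while True`, so a wrong payload or a dead
    service ends the run instead of looping forever.
    """
    for attempt in range(1, max_attempts + 1):
        flag = extract_flag(submit())
        if flag:
            return flag, attempt
    return None, max_attempts


def make_simulated_service(pass_rate: float, seed: int) -> Callable[[], str]:
    """Constructed stand-in for the challenge server (hypothetical).

    Assumes the check passes nondeterministically for the same input,
    which is the behaviour the write-up observed but did not explain.
    """
    rng = random.Random(seed)

    def submit() -> str:
        if rng.random() < pass_rate:
            return '{"status": "success", "flag": "picoCTF{constructed_example}"}'
        return '{"status": "failure", "flag": null}'

    return submit


if __name__ == "__main__":
    flag, attempts = submit_until_flag(make_simulated_service(0.1, seed=1))
    print(f"flag={flag} after {attempts} attempt(s)")
```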
Flag Capture
Flag: picoCTF{p4ch1nk0_f146_0n3_e947b9d7}
Proof of Execution
Tools Used
Tool | Purpose |
---|---|
Python | Exploit |
Key Learnings
Time Optimization
- I don’t know, maybe trying to persist?
Skills Improved
- Binary Exploitation
- Reverse Engineering
- Web Exploitation
- Cryptography
- Forensics
- OSINT
- Miscellaneous
References & Resources
Learning Resources
Final Statistics
Metric | Value | Notes |
---|---|---|
Time to Solve | 01:30 | From start to flag |
Global Ranking (At the time of flag submission) | Challenge ranking | |
Points Earned | Team contribution |
Created: 20-03-2025 • Last Modified: 20-03-2025 *Author: mH4ck3r0n3 • Team: *