Posts

Anantya ByteMe CTF Writeup Series: Ashes of The Realm

Welcome Back to the Official Write-Up Series of ByteMe CTF! The OWASP PCCOE Student Chapter is turning up the technical heat for our 9th write-up. We are moving from the persistent records of the Citadel into the flickering, volatile world of Memory Forensics with Ashes of The Realm. This challenge tests a hunter's ability to find truth when the disk itself has been turned to ash. Category: Forensics Difficulty: Hard Author: Sarthak Warale Theme: Game of Thrones / Volatile Memory Challenge Summary: The Invisible Trail In this scenario, all persistent data—files, logs, and records—has been destroyed. The only surviving evidence exists in volatile memory (RAM), specifically preserved within active shell sessions at the time the system was "captured." Participants were provided with a Linux memory dump: memdump.lime. Tools & Setup: Volatility 3 To analyze a memory dump, the gold standard is Volatility 3. However, this challenge presented a specific hurdle: th...

Anantya ByteMe CTF Writeup Series: Raven's Whisper

Welcome Back to the Official Write-Up Series of ByteMe CTF! The OWASP PCCOE Student Chapter is taking you on a journey across the Narrow Sea for our 8th write-up. This challenge, Raven’s Whisper, is a masterclass in OSINT Reconnaissance, requiring participants to track a digital identity across platforms and bridge the gap between fiction and reality. Category: OSINT / Recon Difficulty: Easy–Medium Author: Arnav Khadke Theme: Game of Thrones / Real-world Locations Step 1: The Identity Hunt (Sherlock Holmes of the Realm) The challenge started with a single lead: a GitHub username, gore-htm975. Standard social media searches often turn up empty for such specific handles. To solve this, participants were expected to use Sherlock, a powerful command-line tool that hunts for usernames across hundreds of social networks. The Result: Sherlock confirmed the identity on GitHub. Navigating to the profile, participants found a repository containing a single, mysterious image of a ...

Anantya ByteMe CTF Writeup Series: Ghosts Of The Realm

Welcome Back to the Official Write-Up Series of ByteMe CTF! The OWASP PCCOE Student Chapter is diving into the shadows of digital storage. For our 7th write-up, we explore GHOSTS OF THE REALM, a challenge that focuses on the persistence of "deleted" data and the forensic value of database artifacts. Category: Digital Forensics / Database Analysis Difficulty: Medium Author: Sharayu Kotkar Theme: Game of Thrones / The Citadel Archives Problem Statement A raven once carried a message across the realm, but the Citadel’s records now show no trace of it. The archive appears intact and the messages ordinary, yet in Westeros, things thought lost often leave shadows behind. Your task is to investigate these remnants and recover the message that refused to disappear. Provided Files The challenge provides three specific files: chat.db chat.db-wal chat.db-shm Investigation & Analysis Step 1: Identifying the Artifacts The .db extension identifies the main file as a SQLite data...

Anantya ByteMe CTF WriteUp Series: The Dragon's Whisper

Welcome Back to the Official Write-Up Series of ByteMe CTF! The OWASP PCCOE Student Chapter is turning up the heat! For our 6th write-up, we are venturing into OSINT (Open Source Intelligence) with The Dragon’s Whisper. This challenge required participants to act as digital detectives, pivoting from local file metadata to global developer platforms and real-world geography. Category: OSINT Difficulty: Hard Author: Jay Surana Theme: Game of Thrones / Digital Forensics Step 1: Analyzing the Leak (The Digital Breadcrumbs) The challenge began with a single archive, start.zip, containing a text file and an image: obsidian_fragment.jpg. While the text file was a dead end, the image held secrets in its metadata. Using a tool like exiftool, players discovered hidden strings: Artist: targaryenwhisper Comment: lab By combining the filename (obsidian) and the comment (lab), players inferred a project name: obsidian-lab. Paired with the artist's name, this led directly to ...

Anantya ByteMe CTF Writeup Series: The Broken Throne

Welcome Back to the Official Write-Up Series of ByteMe CTF! The OWASP PCCOE Student Chapter is leveling up! For our 5th write-up, we are diving into the world of Reverse Engineering with The Broken Throne. This challenge taught participants that "winning" the game isn't always the same as solving the challenge. Category: Reverse Engineering Difficulty: Easy Author: Sarthak Warale Theme: Game of Thrones / Binary Manipulation 1. Overview: The Illusion of Victory The challenge provided a CLI game where you rule the Seven Kingdoms. Most players who completed the game were greeted with a triumphant message: The realm is united. The lords bow. However, no flag appeared. In the world of CTFs, a "victory" without a flag is a classic Fake Success Path. It strongly suggests that the real objective is buried deep within the binary code, unreachable through standard gameplay. 2. Static Analysis: Peeking Under the Hood To find the truth, we opened the binary in Ghi...

Anantya ByteMe CTF Writeup Series: The Raven of the North

Welcome Back to the Official Write-Up Series of ByteMe CTF! The OWASP PCCOE Student Chapter is excited to present the 4th installment in our series. This challenge, The Raven of the North, moves us into the realm of Steganography and Classical Cryptography, requiring a mix of encoding analysis and ciphertext decryption. Category: Steganography / Cryptography Difficulty: Easy-Medium Author: Zeeshan Theme: Game of Thrones / Hidden Messages 1. The Encrypted Archive We begin with a password-protected ZIP archive named wbua.zip. To proceed, we need a password, but the filename itself feels like a clue. The Hint in the Name: In many CTF challenges, simple substitution ciphers are used for hints. Applying ROT13 to the filename: wbua -> john This is a direct pointer to John the Ripper, the famous password-cracking utility. 2. Cracking the ZIP Password Using the hint, we apply John the Ripper to wbua.zip. The tool successfully recovers the password in seconds. Result: Pas...

Anantya ByteMe CTF Writeup: Blind Trust

Welcome Back to the Official Write-Up Series of ByteMe CTF! The OWASP PCCOE Student Chapter is diving into the world of client-side vulnerabilities with our third challenge—Blind Trust. While our previous challenges focused on AI logic and token forgery, this one highlights a fundamental rule of web security: Never trust the client. Category: Web Exploitation Difficulty: Medium Author: Suyog Jadhav Theme: Client-Side Trust Challenge Overview The premise was simple: solve 20 rapid-fire math problems in the browser to reveal the flag. The Hook: The interface claimed that answers were validated, a speed requirement existed, and legitimacy checks were in place. The Reality: The backend performed zero validation. It blindly trusted the calculations performed by the browser's JavaScript. Key insight: If you control the browser, you control the game. Core Vulnerability: Lack of Server-Side Validation The backend failed to verify: ❌ Correctness of math answers. ❌ Physical butto...