PascalCTF Beginners 2025
Complete writeup collection for PascalCTF Beginners 2025 - covering all categories with detailed explanations for newcomers
Competition Overview
PascalCTF Beginners 2025 was designed as an entry-level competition to introduce newcomers to the world of Capture The Flag competitions. The event featured challenges across multiple categories, each crafted to teach fundamental security concepts while remaining accessible to beginners.
Challenge Categories
Web
Simple Login
A basic SQL injection challenge to bypass authentication.
Solution:
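The login form is vulnerable to SQL injection. Using `admin' OR '1'='1' --` as the username bypasses the password check: the injected quote closes the string literal, `OR '1'='1'` makes the condition always true, and `--` comments out the rest of the query.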
Cookie Monster
Manipulate cookies to gain admin access.
Solution:
The application stores the user's role in a cookie. Changing the role cookie value from 'user' to 'admin' grants administrative privileges.
Cryptography
Caesar's Secret
Decode a message encrypted with a Caesar cipher.
Solution:
The message is encrypted with a Caesar cipher using a shift of 13 (ROT13). Decoding reveals the flag.
Base64 Layers
Multiple layers of Base64 encoding hide the flag.
Solution:
The flag is encoded multiple times with Base64. Decode iteratively until you get readable text.
Binary Exploitation
Stack Overflow
Exploit a buffer overflow vulnerability.
Solution:
The program has a buffer overflow in the input function. Overwrite the return address to jump to the win function.
Key Takeaways
- Always sanitize user input to prevent injection attacks
- Never trust client-side data like cookies without server-side validation
- Understanding basic cryptographic concepts is essential for security
- Buffer overflows remain a critical vulnerability class in binary exploitation
Resources for Learning
For those interested in learning more about CTF competitions and cybersecurity, we recommend:
- PicoCTF - Great for beginners
- OverTheWire - Progressive challenges
- CTFtime - Competition calendar and team rankings