PascalCTF
diff --git a/‎en/ctf/ctfatac/index.html‎
Lines changed: 1489 additions & 0 deletions b/‎en/ctf/ctfatac/index.html‎
Lines changed: 1489 additions & 0 deletions
diff --git a/‎en/ctf/index.html‎
Lines changed: 15 additions & 0 deletions b/‎en/ctf/index.html‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎en/ctf/index.xml‎
Lines changed: 8 additions & 1 deletion b/‎en/ctf/index.xml‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎en/ctf/scriptctf2025/index.html‎
Lines changed: 5 additions & 0 deletions b/‎en/ctf/scriptctf2025/index.html‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎en/index.xml‎
Lines changed: 8 additions & 1 deletion b/‎en/index.xml‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎en/sitemap.xml‎
Lines changed: 94 additions & 55 deletions b/‎en/sitemap.xml‎
Lines changed: 94 additions & 55 deletions
diff --git a/‎en/tags/binary/index.html‎
Lines changed: 15 additions & 0 deletions b/‎en/tags/binary/index.html‎
Lines changed: 15 additions & 0 deletions
diff --git a/‎en/tags/binary/index.xml‎
Lines changed: 8 additions & 1 deletion b/‎en/tags/binary/index.xml‎
Lines changed: 8 additions & 1 deletion
diff --git a/‎en/tags/crypto/index.html‎
Lines changed: 15 additions & 0 deletions b/‎en/tags/crypto/index.html‎
Lines changed: 15 additions & 0 deletions
@@ -166,6 +166,21 @@ <h1>
   </h1>
 </header>
 
+<article class="post-entry"> 
+  <header class="entry-header">
+    <h2 class="entry-hint-parent">CTF@AC 2025
+    </h2>
+  </header>
+  <div class="entry-content">
+    <p>CTF@AC 2025 Web 🌐 money Analysis The challenge exposes a minimal dashboard that supports third‑party plugins. When we upload a plugin, the platform also lets us download any existing ones (including the official flag.plugin).
+Exploit After downloading flag.plugin, we notice it’s encrypted. The server.py file contains both the key and the function to decrypt it, so we can locally decrypt it using decrypt_file.
+KEY = b&#34;SECRET_KEY!123456XXXXXXXXXXXXXXX&#34; def decrypt_file(input_path, output_path, key): with open(input_path, &#34;rb&#34;) as f: data = f.read() iv = data[:16] ciphertext = data[16:] cipher = AES.new(key, AES.MODE_CBC, iv) plaintext = unpad(cipher.decrypt(ciphertext), AES.block_size) with open(output_path, &#34;wb&#34;) as f: f.write(plaintext) The decrypted flag.plugin init.py contains the following code:
+...</p>
+  </div>
+  <footer class="entry-footer"><span title='2025-09-16 00:00:00 +0000 UTC'>September 16, 2025</span>&nbsp;·&nbsp;33 min&nbsp;·&nbsp;6997 words&nbsp;·&nbsp;Paolo</footer>
+  <a class="entry-link" aria-label="post link to CTF@AC 2025" href="https://pascalctf.github.io/en/ctf/ctfatac/"></a>
+</article>
+
 <article class="post-entry"> 
   <header class="entry-header">
     <h2 class="entry-hint-parent">scriptCTF 2025
 
@@ -6,8 +6,15 @@
     <description>Recent content in Capture The Flag 🚩 on Website</description>
     <generator>Hugo -- 0.150.0</generator>
     <language>en</language>
-    <lastBuildDate>Fri, 22 Aug 2025 00:00:00 +0000</lastBuildDate>
+    <lastBuildDate>Tue, 16 Sep 2025 00:00:00 +0000</lastBuildDate>
     <atom:link href="https://pascalctf.github.io/en/ctf/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>CTF@AC 2025</title>
+      <link>https://pascalctf.github.io/en/ctf/ctfatac/</link>
+      <pubDate>Tue, 16 Sep 2025 00:00:00 +0000</pubDate>
+      <guid>https://pascalctf.github.io/en/ctf/ctfatac/</guid>
+      <description>Some writeups of the CTF@AC ctf 2025 edition.</description>
+    </item>
     <item>
       <title>scriptCTF 2025</title>
       <link>https://pascalctf.github.io/en/ctf/scriptctf2025/</link>
 
@@ -701,6 +701,11 @@ <h3 id="analysis">Analysis<a hidden class="anchor" aria-hidden="true" href="#ana
       <li><a href="https://pascalctf.github.io/en/tags/osint/">Osint</a></li>
     </ul>
 <nav class="paginav">
+  <a class="prev" href="https://pascalctf.github.io/en/ctf/ctfatac/">
+    <span class="title">« Prev</span>
+    <br>
+    <span>CTF@AC 2025</span>
+  </a>
   <a class="next" href="https://pascalctf.github.io/en/ctf/pascalctf2025/">
     <span class="title">Next »</span>
     <br>
 
@@ -6,8 +6,15 @@
     <description>Recent content on Website</description>
     <generator>Hugo -- 0.150.0</generator>
     <language>en</language>
-    <lastBuildDate>Fri, 22 Aug 2025 00:00:00 +0000</lastBuildDate>
+    <lastBuildDate>Tue, 16 Sep 2025 00:00:00 +0000</lastBuildDate>
     <atom:link href="https://pascalctf.github.io/en/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>CTF@AC 2025</title>
+      <link>https://pascalctf.github.io/en/ctf/ctfatac/</link>
+      <pubDate>Tue, 16 Sep 2025 00:00:00 +0000</pubDate>
+      <guid>https://pascalctf.github.io/en/ctf/ctfatac/</guid>
+      <description>Some writeups of the CTF@AC ctf 2025 edition.</description>
+    </item>
     <item>
       <title>scriptCTF 2025</title>
       <link>https://pascalctf.github.io/en/ctf/scriptctf2025/</link>
 
@@ -2,8 +2,21 @@
 <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
   xmlns:xhtml="http://www.w3.org/1999/xhtml">
   <url>
+    <loc>https://pascalctf.github.io/en/tags/binary/</loc>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
+    <xhtml:link
+                rel="alternate"
+                hreflang="it"
+                href="https://pascalctf.github.io/it/tags/binary/"
+                />
+    <xhtml:link
+                rel="alternate"
+                hreflang="en"
+                href="https://pascalctf.github.io/en/tags/binary/"
+                />
+  </url><url>
     <loc>https://pascalctf.github.io/en/ctf/</loc>
-    <lastmod>2025-08-22T00:00:00+00:00</lastmod>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
@@ -14,9 +27,22 @@
                 hreflang="en"
                 href="https://pascalctf.github.io/en/ctf/"
                 />
+  </url><url>
+    <loc>https://pascalctf.github.io/en/tags/crypto/</loc>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
+    <xhtml:link
+                rel="alternate"
+                hreflang="it"
+                href="https://pascalctf.github.io/it/tags/crypto/"
+                />
+    <xhtml:link
+                rel="alternate"
+                hreflang="en"
+                href="https://pascalctf.github.io/en/tags/crypto/"
+                />
   </url><url>
     <loc>https://pascalctf.github.io/en/tags/ctf/</loc>
-    <lastmod>2025-08-22T00:00:00+00:00</lastmod>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
@@ -28,108 +54,147 @@
                 href="https://pascalctf.github.io/en/tags/ctf/"
                 />
   </url><url>
-    <loc>https://pascalctf.github.io/en/tags/osint/</loc>
-    <lastmod>2025-08-22T00:00:00+00:00</lastmod>
+    <loc>https://pascalctf.github.io/en/ctf/ctfatac/</loc>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
-                href="https://pascalctf.github.io/it/tags/osint/"
+                href="https://pascalctf.github.io/it/ctf/ctfatac/"
                 />
     <xhtml:link
                 rel="alternate"
                 hreflang="en"
-                href="https://pascalctf.github.io/en/tags/osint/"
+                href="https://pascalctf.github.io/en/ctf/ctfatac/"
                 />
   </url><url>
-    <loc>https://pascalctf.github.io/en/tags/programming/</loc>
-    <lastmod>2025-08-22T00:00:00+00:00</lastmod>
+    <loc>https://pascalctf.github.io/en/tags/ctfatac/</loc>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
-                href="https://pascalctf.github.io/it/tags/programming/"
+                href="https://pascalctf.github.io/it/tags/ctfatac/"
                 />
     <xhtml:link
                 rel="alternate"
                 hreflang="en"
-                href="https://pascalctf.github.io/en/tags/programming/"
+                href="https://pascalctf.github.io/en/tags/ctfatac/"
                 />
   </url><url>
-    <loc>https://pascalctf.github.io/en/tags/pyjail/</loc>
-    <lastmod>2025-08-22T00:00:00+00:00</lastmod>
+    <loc>https://pascalctf.github.io/en/tags/ctfatac2025/</loc>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
-                href="https://pascalctf.github.io/it/tags/pyjail/"
+                href="https://pascalctf.github.io/it/tags/ctfatac2025/"
                 />
     <xhtml:link
                 rel="alternate"
                 hreflang="en"
-                href="https://pascalctf.github.io/en/tags/pyjail/"
+                href="https://pascalctf.github.io/en/tags/ctfatac2025/"
                 />
   </url><url>
-    <loc>https://pascalctf.github.io/en/tags/scriptctf/</loc>
+    <loc>https://pascalctf.github.io/en/tags/</loc>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
+    <xhtml:link
+                rel="alternate"
+                hreflang="it"
+                href="https://pascalctf.github.io/it/tags/"
+                />
+    <xhtml:link
+                rel="alternate"
+                hreflang="en"
+                href="https://pascalctf.github.io/en/tags/"
+                />
+  </url><url>
+    <loc>https://pascalctf.github.io/en/tags/web/</loc>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
+    <xhtml:link
+                rel="alternate"
+                hreflang="it"
+                href="https://pascalctf.github.io/it/tags/web/"
+                />
+    <xhtml:link
+                rel="alternate"
+                hreflang="en"
+                href="https://pascalctf.github.io/en/tags/web/"
+                />
+  </url><url>
+    <loc>https://pascalctf.github.io/en/</loc>
+    <lastmod>2025-09-16T00:00:00+00:00</lastmod>
+    <xhtml:link
+                rel="alternate"
+                hreflang="it"
+                href="https://pascalctf.github.io/it/"
+                />
+    <xhtml:link
+                rel="alternate"
+                hreflang="en"
+                href="https://pascalctf.github.io/en/"
+                />
+  </url><url>
+    <loc>https://pascalctf.github.io/en/tags/osint/</loc>
     <lastmod>2025-08-22T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
-                href="https://pascalctf.github.io/it/tags/scriptctf/"
+                href="https://pascalctf.github.io/it/tags/osint/"
                 />
     <xhtml:link
                 rel="alternate"
                 hreflang="en"
-                href="https://pascalctf.github.io/en/tags/scriptctf/"
+                href="https://pascalctf.github.io/en/tags/osint/"
                 />
   </url><url>
-    <loc>https://pascalctf.github.io/en/ctf/scriptctf2025/</loc>
+    <loc>https://pascalctf.github.io/en/tags/programming/</loc>
     <lastmod>2025-08-22T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
-                href="https://pascalctf.github.io/it/ctf/scriptctf2025/"
+                href="https://pascalctf.github.io/it/tags/programming/"
                 />
     <xhtml:link
                 rel="alternate"
                 hreflang="en"
-                href="https://pascalctf.github.io/en/ctf/scriptctf2025/"
+                href="https://pascalctf.github.io/en/tags/programming/"
                 />
   </url><url>
-    <loc>https://pascalctf.github.io/en/tags/</loc>
+    <loc>https://pascalctf.github.io/en/tags/pyjail/</loc>
     <lastmod>2025-08-22T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
-                href="https://pascalctf.github.io/it/tags/"
+                href="https://pascalctf.github.io/it/tags/pyjail/"
                 />
     <xhtml:link
                 rel="alternate"
                 hreflang="en"
-                href="https://pascalctf.github.io/en/tags/"
+                href="https://pascalctf.github.io/en/tags/pyjail/"
                 />
   </url><url>
-    <loc>https://pascalctf.github.io/en/tags/web/</loc>
+    <loc>https://pascalctf.github.io/en/tags/scriptctf/</loc>
     <lastmod>2025-08-22T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
-                href="https://pascalctf.github.io/it/tags/web/"
+                href="https://pascalctf.github.io/it/tags/scriptctf/"
                 />
     <xhtml:link
                 rel="alternate"
                 hreflang="en"
-                href="https://pascalctf.github.io/en/tags/web/"
+                href="https://pascalctf.github.io/en/tags/scriptctf/"
                 />
   </url><url>
-    <loc>https://pascalctf.github.io/en/</loc>
+    <loc>https://pascalctf.github.io/en/ctf/scriptctf2025/</loc>
     <lastmod>2025-08-22T00:00:00+00:00</lastmod>
     <xhtml:link
                 rel="alternate"
                 hreflang="it"
-                href="https://pascalctf.github.io/it/"
+                href="https://pascalctf.github.io/it/ctf/scriptctf2025/"
                 />
     <xhtml:link
                 rel="alternate"
                 hreflang="en"
-                href="https://pascalctf.github.io/en/"
+                href="https://pascalctf.github.io/en/ctf/scriptctf2025/"
                 />
   </url><url>
     <loc>https://pascalctf.github.io/en/tags/breaches/</loc>
@@ -345,32 +410,6 @@
                 hreflang="en"
                 href="https://pascalctf.github.io/en/tags/olicyber/"
                 />
-  </url><url>
-    <loc>https://pascalctf.github.io/en/tags/binary/</loc>
-    <lastmod>2025-03-26T00:00:00+00:00</lastmod>
-    <xhtml:link
-                rel="alternate"
-                hreflang="it"
-                href="https://pascalctf.github.io/it/tags/binary/"
-                />
-    <xhtml:link
-                rel="alternate"
-                hreflang="en"
-                href="https://pascalctf.github.io/en/tags/binary/"
-                />
-  </url><url>
-    <loc>https://pascalctf.github.io/en/tags/crypto/</loc>
-    <lastmod>2025-03-26T00:00:00+00:00</lastmod>
-    <xhtml:link
-                rel="alternate"
-                hreflang="it"
-                href="https://pascalctf.github.io/it/tags/crypto/"
-                />
-    <xhtml:link
-                rel="alternate"
-                hreflang="en"
-                href="https://pascalctf.github.io/en/tags/crypto/"
-                />
   </url><url>
     <loc>https://pascalctf.github.io/en/ctf/pascalctf2025/</loc>
     <lastmod>2025-03-26T00:00:00+00:00</lastmod>
 
@@ -151,6 +151,21 @@ <h1>
   </h1>
 </header>
 
+<article class="post-entry tag-entry"> 
+  <header class="entry-header">
+    <h2 class="entry-hint-parent">CTF@AC 2025
+    </h2>
+  </header>
+  <div class="entry-content">
+    <p>CTF@AC 2025 Web 🌐 money Analysis The challenge exposes a minimal dashboard that supports third‑party plugins. When we upload a plugin, the platform also lets us download any existing ones (including the official flag.plugin).
+Exploit After downloading flag.plugin, we notice it’s encrypted. The server.py file contains both the key and the function to decrypt it, so we can locally decrypt it using decrypt_file.
+KEY = b&#34;SECRET_KEY!123456XXXXXXXXXXXXXXX&#34; def decrypt_file(input_path, output_path, key): with open(input_path, &#34;rb&#34;) as f: data = f.read() iv = data[:16] ciphertext = data[16:] cipher = AES.new(key, AES.MODE_CBC, iv) plaintext = unpad(cipher.decrypt(ciphertext), AES.block_size) with open(output_path, &#34;wb&#34;) as f: f.write(plaintext) The decrypted flag.plugin init.py contains the following code:
+...</p>
+  </div>
+  <footer class="entry-footer"><span title='2025-09-16 00:00:00 +0000 UTC'>September 16, 2025</span>&nbsp;·&nbsp;33 min&nbsp;·&nbsp;6997 words&nbsp;·&nbsp;Paolo</footer>
+  <a class="entry-link" aria-label="post link to CTF@AC 2025" href="https://pascalctf.github.io/en/ctf/ctfatac/"></a>
+</article>
+
 <article class="post-entry tag-entry"> 
   <header class="entry-header">
     <h2 class="entry-hint-parent">Pascal CTF Beginner 2025
 
@@ -6,8 +6,15 @@
     <description>Recent content in Binary on Website</description>
     <generator>Hugo -- 0.150.0</generator>
     <language>en</language>
-    <lastBuildDate>Wed, 26 Mar 2025 00:00:00 +0000</lastBuildDate>
+    <lastBuildDate>Tue, 16 Sep 2025 00:00:00 +0000</lastBuildDate>
     <atom:link href="https://pascalctf.github.io/en/tags/binary/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>CTF@AC 2025</title>
+      <link>https://pascalctf.github.io/en/ctf/ctfatac/</link>
+      <pubDate>Tue, 16 Sep 2025 00:00:00 +0000</pubDate>
+      <guid>https://pascalctf.github.io/en/ctf/ctfatac/</guid>
+      <description>Some writeups of the CTF@AC ctf 2025 edition.</description>
+    </item>
     <item>
       <title>Pascal CTF Beginner 2025</title>
       <link>https://pascalctf.github.io/en/ctf/pascalctf2025/</link>
 
@@ -151,6 +151,21 @@ <h1>
   </h1>
 </header>
 
+<article class="post-entry tag-entry"> 
+  <header class="entry-header">
+    <h2 class="entry-hint-parent">CTF@AC 2025
+    </h2>
+  </header>
+  <div class="entry-content">
+    <p>CTF@AC 2025 Web 🌐 money Analysis The challenge exposes a minimal dashboard that supports third‑party plugins. When we upload a plugin, the platform also lets us download any existing ones (including the official flag.plugin).
+Exploit After downloading flag.plugin, we notice it’s encrypted. The server.py file contains both the key and the function to decrypt it, so we can locally decrypt it using decrypt_file.
+KEY = b&#34;SECRET_KEY!123456XXXXXXXXXXXXXXX&#34; def decrypt_file(input_path, output_path, key): with open(input_path, &#34;rb&#34;) as f: data = f.read() iv = data[:16] ciphertext = data[16:] cipher = AES.new(key, AES.MODE_CBC, iv) plaintext = unpad(cipher.decrypt(ciphertext), AES.block_size) with open(output_path, &#34;wb&#34;) as f: f.write(plaintext) The decrypted flag.plugin init.py contains the following code:
+...</p>
+  </div>
+  <footer class="entry-footer"><span title='2025-09-16 00:00:00 +0000 UTC'>September 16, 2025</span>&nbsp;·&nbsp;33 min&nbsp;·&nbsp;6997 words&nbsp;·&nbsp;Paolo</footer>
+  <a class="entry-link" aria-label="post link to CTF@AC 2025" href="https://pascalctf.github.io/en/ctf/ctfatac/"></a>
+</article>
+
 <article class="post-entry tag-entry"> 
   <header class="entry-header">
     <h2 class="entry-hint-parent">Pascal CTF Beginner 2025