CBizarre
Challenge Overview
We were provided with two Windows executables, each containing a flag to recover through static analysis and reverse engineering.
Part 1: Pastebin Recon
- Loaded the binary in Ghidra and quickly found a hardcoded Pastebin URL in the strings.
- The URL wasn't used by the program, but visiting it revealed the flag directly.
Flag:
404CTF{PAst3_mY_FL2g}
Part 2: Password Checks
- Decompiled the second binary and found a series of character checks on the input.
- Each position required a specific character:

| Offset | Char |
|--------|------|
| 0 | f |
| 1 | a |
| 2 | V |
| 3 | M |
| 4 | P |
| 5 | Z |
| 6 | a |
| 7 | % |
| 8 | 3 |
| 9 | y |
| 10 | N |
| 11 | K |
| 12 | o |
| 13 | @ |
| 14 | n |
| 15 | M |
| 16 | v |
| 17 | % |
| 18 | 1 |
| 19 | x |

- Assembled the password:
faVMPZa%3yNKo@nMv%1x
- Running the binary with this password printed the flag.
Flag:
404CTF{Cg00d&slmpL3}
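
Reading twenty comparisons off the decompiler by hand is easy to get wrong, so here is an added example (not part of the original write-up or the challenge binary) that parses Ghidra-style character checks and assembles the password, failing on gaps or conflicting checks. The variable name `param_1`, the statement shapes and the sample text are constructed assumptions; handling hex offsets, pointer-arithmetic accesses and `\x` literals goes beyond what the write-up shows.

```python
import re

# Constructed sample in the style of Ghidra's decompiler output. The variable
# name and statement shapes are assumptions; only the offsets and characters
# come from the table in the write-up. Checks are deliberately out of order.
SAMPLE = r"""
if ((*param_1 == 'f') && (param_1[1] == 'a') && (param_1[2] == 'V') &&
   (param_1[3] == 'M') && (param_1[4] == 'P') && (param_1[5] == 'Z')) {
  if ((param_1[6] != 'a') || (param_1[7] != '\x25') || (param_1[8] != '3')) return 0;
  if ((*(char *)(param_1 + 9) == 'y') && (*(char *)(param_1 + 10) == 'N') &&
     (*(char *)(param_1 + 0xb) == 'K') && (param_1[0xc] == 'o') && (param_1[0xd] == '@')) {
    if (param_1[0x13] != 'x') return 0;
    if ((param_1[0xe] == 'n') && (param_1[0xf] == 'M') && (param_1[0x10] == 'v') &&
       (param_1[0x11] == '%') && (param_1[0x12] == '1')) return 1;
  }
}
"""

NUM = r"(0x[0-9a-fA-F]+|\d+)"
# Three ways one input byte can be addressed, then ==/!= and a char literal.
CHECK = re.compile(
    r"(?:param_1\[" + NUM + r"\]"
    r"|\*\(char\s*\*\)\(param_1\s*\+\s*" + NUM + r"\)"
    r"|\*param_1)"
    r"\s*[!=]=\s*'(\\x[0-9a-fA-F]{2}|\\.|[^'\\])'"
)

def decode(lit):
    # Body of a C char literal: a plain char, a \xHH escape, or \' and \\.
    if lit.startswith("\\x"):
        return chr(int(lit[2:], 16))
    return lit[-1]

def recover_password(decompiled):
    chars = {}
    for idx, off, lit in CHECK.findall(decompiled):
        offset = int(idx or off or "0", 0)  # bare *param_1 means offset 0
        ch = decode(lit)
        if chars.setdefault(offset, ch) != ch:
            raise ValueError(f"conflicting checks at offset {offset}")
    if not chars:
        raise ValueError("no character checks found")
    missing = [i for i in range(max(chars) + 1) if i not in chars]
    if missing:
        raise ValueError(f"no check found for offsets {missing}")
    return "".join(chars[i] for i in range(len(chars)))

if __name__ == "__main__":
    print(recover_password(SAMPLE))
```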