Programs step in time to the beat of the CPU.
Can you sow enough discord to pull them away from their set paths, toward the flag?
Don't have quite the knowledge for this yet?
Want to learn to exploit binary software like a pro?
Start here and progress through to learn!
Connect with SSH
Link your SSH key, then connect with: ssh hacker@pwn.college
Hint
Run the challenge using the wrapper
/challenge/wrapper
Connect with SSH
Link your SSH key, then connect with: ssh hacker@pwn.college
Our company runs a secure-ftp server to share files. It's pretty secure—or at least we thought so. One day, we discovered that our company's username and password credentials were leaked. WE WERE HACKED. After a thorough investigation, our sysadmin was able to recover some network traffic that seemingly came from the attacker. We are currently working on patching the bug in our secure-ftp server and tightening security measures. Hopefully, no one will exploit us again and cause another leak, right?
The attacker has removed the read/write permissions from the original binary, so it's probably best to focus on analyzing the capture.pcap instead. You don't need any fancy FTP clients to use our FTP server—just a simple netcat command like nc localhost 21 will work. You can run the FTP server by executing /challenge/secureftp. To analyze the capture, you can use a tool called Wireshark. Once opened, inspect the traffic and try to figure out how the attacker stole our information. Hopefully, no one can leak /flag 🤞.
💡 Hint for the secure-ftp challenge
You are not meant to look at the binary.
However, we’ve made it readable since everyone has been asking for it.
You're supposed to:
Run the challenge
Interact with it
Analyze the .pcap file to make progress
Connect with SSH
Link your SSH key, then connect with: ssh hacker@pwn.college
XSH(1) General Commands Manual XSH(1)
NAME
xsh - A minimal, restricted shell with command history
DESCRIPTION
xsh is a highly restrictive shell designed for controlled command execution.
It supports a small set of built-in commands and maintains a command history.
Check the `help` command in the shell for more help.
HISTORY
Commands entered in xsh are stored in a history buffer, which can be
accessed using `history` and replayed using `!<index>` or `!!`.
BUGS
The `delete` command is known to be unstable. If a long command is deleted
twice, the shell crashes with a strange error. Please report fixes; otherwise,
this feature will be deprecated in version 1.2.
AUTHOR
Developed for AZ-CTF 2025.
SEE ALSO
sh(1), bash(1), zsh(1)
AZ-CTF 2025 March 2025 XSH(1)
Connect with SSH
Link your SSH key, then connect with: ssh hacker@pwn.college
30-Day Scoreboard:
This scoreboard reflects solves for challenges in this module after the module launched in this dojo.