First Nightmare

grodno_new_year_2026

Task: Custom TCP protocol challenge requiring a payload with MD5 hash computed from the TCP sequence number. Solution: Used Scapy raw sockets with a random ISN (not zero) to perform the TCP handshake, computed md5(str(seq) + "get_flag") for the data packet payload, and blocked kernel RST packets via iptables in Docker.

md5 tcp raw_socket scapy isn custom_protocol

raw_socket_tcpisn_randomizationtcp_handshakepayload_construction

$ ls tags/ techniques/

md5 tcp raw_socket scapy isn custom_protocol

raw_socket_tcpisn_randomizationtcp_handshakepayload_construction

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[crypto][Pro]Firewall— uoftctf2026
[pwn][Pro]pwn4_local— pwn_spbctf
[forensics][Pro]exFill— grodno_new_year_2026
[crypto][Pro]RSA?— grodno_new_year_2026
[pwn][Pro]rabbit_1 (rabbit in forest)— pwn_spbctf