The BountyCon2020 CTF is sponsored by Facebook, and the top 20 people from the APAC region will be invited to the invitation-only conference in Singapore.
I solved all the challenges in the CTF and I really enjoyed playing it, and I am invited to the conference.
1. Secure Login
It's an easy binary exploitation challenge. The binary asks for a password, and the comparison is like md5(password) == "hash". We can't crack the hash, though you can find collisions for MD5 in reasonable time. There is a buffer overflow in the password buffer, and the hash is stored right after the password buffer on the stack: for example, the password buffer is at rbp-0x58 and the hash is at rbp-0x30 (0x28 bytes apart). Because the password buffer can overflow, we can overwrite the hash.
I expected a few more binary exploitation challenges, but this is the only challenge given.
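The layout described above, modelled as an added example (this is not the challenge binary's code): an unbounded copy into the password buffer reaches the adjacent hash, while a length-checked copy leaves it intact. The struct, the function names, the 16-byte raw digest size and the placeholder hash bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PW_LEN   0x28   /* 0x58 - 0x30: distance from password to hash */
#define HASH_LEN 16     /* assumption: the hash is a raw MD5 digest */

/* Constructed model of the frame: password at rbp-0x58, hash at rbp-0x30. */
struct login_frame {
    char          password[PW_LEN];
    unsigned char expected_hash[HASH_LEN];
};

/* Vulnerable pattern: the copy length comes from the input, not the buffer.
 * The copy is clamped to the struct only so this demo stays well-defined.
 * Returns how many bytes of expected_hash were overwritten. */
size_t read_password_unbounded(struct login_frame *f, const char *in, size_t n)
{
    if (n > sizeof *f)
        n = sizeof *f;
    memcpy((char *)f, in, n);
    return n > PW_LEN ? n - PW_LEN : 0;
}

/* Hardened pattern: reject input that does not fit, keep a NUL terminator. */
int read_password_bounded(struct login_frame *f, const char *in, size_t n)
{
    if (n >= sizeof f->password)
        return -1;
    memcpy(f->password, in, n);
    f->password[n] = '\0';
    return 0;
}

/* Feed a constructed 56-byte input of 'A'; return 1 if the hash survived. */
int demo(int hardened)
{
    static const unsigned char ref[HASH_LEN] = {0xde, 0xad, 0xbe, 0xef};
    struct login_frame f;
    char input[PW_LEN + HASH_LEN];

    memset(&f, 0, sizeof f);
    memcpy(f.expected_hash, ref, HASH_LEN);
    memset(input, 'A', sizeof input);
    if (hardened)
        (void)read_password_bounded(&f, input, sizeof input);
    else
        (void)read_password_unbounded(&f, input, sizeof input);
    return memcmp(f.expected_hash, ref, HASH_LEN) == 0;
}
```

`demo(0)` reports the stored hash as changed and `demo(1)` reports it as intact, which is the difference a bounds check on the password read makes for this layout.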