BroncoCTF 2025 WriteUp | STELK_CSC
My team, Stelk_CSC, participated in BroncoCTF 2025, completing 12 challenges across a variety of categories (Cryptography, Forensic, Reverse Engineering, OSINT, Web, Beginner and Misc) and securing 185th place out of 806 teams. Now I’m going to share a writeup of some of the challenges that I solved.
Now, let’s dive into some of the challenges that I solved.
Miku’s Autograph | 10 Points | Web
Navigating to the website, we get the Hatsune Miku fan club.
Clicking the Magic Miku Login button, I got this message:
So, I guess we need to escalate our privilege from miku_user to miku_admin. Now, I will use Burp Suite to analyze the traffic more clearly. After running Burp and clicking on "Magic Miku Login," I received the following JWT token:
Now, I will go to token.dev and modify this JWT token.
What we need to modify to successfully run this attack is:
- sub: from miku_user to miku_admin
- alg: from HS256 to none
- JWT string: add . at the end of the JWT token to make sure it's still valid
After getting the JWT token, it is time to add this token to the website and get our first flag!
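The server-side mistake this challenge depends on, next to a verifier that pins the algorithm, as an added example that is not part of the original writeup or the challenge's own code. The secret, the function names and both sample tokens are constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # assumption: the server's HS256 key

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def make_token(header: dict, claims: dict, key: bytes = b"") -> str:
    """Build a constructed sample token; alg "none" leaves the signature empty."""
    body = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = b""
    if header["alg"] == "HS256":
        sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + b64url(sig)  # the trailing dot stays even when sig is empty

def verify_pinned(token: str):
    """Hardened: the algorithm is fixed server-side and the MAC is always checked."""
    try:
        h, p, s = token.split(".")
        if json.loads(b64url_decode(h)).get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s)):
            return None
        return json.loads(b64url_decode(p))
    except (ValueError, AttributeError):
        return None

def verify_trusting_header(token: str):
    """Flawed: the token's own header decides whether a signature is required."""
    h, p, _ = token.split(".")
    if json.loads(b64url_decode(h))["alg"].lower() == "none":
        return json.loads(b64url_decode(p))  # claims accepted with no check at all
    return verify_pinned(token)

# Constructed sample tokens mirroring the two states described in the writeup.
signed = make_token({"alg": "HS256", "typ": "JWT"}, {"sub": "miku_user"}, SECRET)
unsigned = make_token({"alg": "none", "typ": "JWT"}, {"sub": "miku_admin"})

if __name__ == "__main__":
    for name, tok in (("signed", signed), ("unsigned", unsigned)):
        print(name, verify_trusting_header(tok), verify_pinned(tok))
```

The pinned verifier never reads the algorithm from the token as an instruction, so an unsigned token and a token with a swapped payload are both rejected.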
Grandma’s Secret Recipe | 10 Points | Web
As the title suggests, we have to deal with cookies, maybe by modifying them.
When I click on login, we get logged in as kitchen helper, and to access Grandma’s pantry we need to be logged in as grandma. So when I turned on Burp and intercepted the traffic, I got this request:
There is a cookie that includes the role “kitchen helper” and an MD5 checksum of “kitchen helper.” Our task is to change the role from “kitchen helper” to “grandma” and update the MD5 checksum accordingly. After changing this, we should get the flag!
April 25 | 10 Points | OSINT
To find out what BroncoSec is doing on April 25, I navigated to their Instagram page and searched for the event on that date. I found a post related to it and obtained the flag!
QR Coded | 277 Points | Forensic
We were given a QR code image. After scanning it, I got a fake flag, which means it’s not that easy after all. This appears to be a steganography challenge, so I assume there is a hidden image inside. To investigate further, I ran StegSolve.
And I found another QR code! It’s hidden within the least significant bits of a grayscale image. Scanning it, I got the flag!
bronco{th1s_0n3_i5}
Inspector Requestor | 10 Points | Beginner
We were given a Google Form website, but after visiting the link it says it is no longer accepting requests for the flag.
But the title says Inspector Requestor, so maybe I need to inspect this website to get the flag?
We got the flag! :D
Break the Battalion | 10 Points | Beginner
We got a file that, when I run it, asks me for a passcode.
As you can see, when I enter “123” as a passcode, it returns “abc.” This suggests that the file converts numbers to their corresponding letters based on their position in the alphabet. We don't know the passcode yet, but at least we know how this program operates. Running strings, I got an interesting response:
Here are the correct positions of each letter in “brigade” based on their position in the alphabet:
- B → 2
- R → 18
- I → 9
- G → 7
- A → 1
- D → 4
- E → 5
So, “brigade” corresponds to 2 18 9 7 1 4 5 in numerical positions.
But when I enter this, the program reads 18 as separate numerical positions, interpreting it as 1 and 8. We need to determine the correct numerical position for ‘r.’ When I ran the program and input ‘r,’ I got:
So our final input for the passcode is: 2"97145
The flag is: bronco{2"97145}
It’s a Bird | 448 Points | Misc
We were given a JPEG file. Running foremost, I didn't get anything from inside the image, but when I ran stegseek I extracted a .csv file.
Column 103 contained numbers that didn’t seem like regular dataset values; in table R we found numbers that look like hex encoding:
Gathering all these numbers, we got this:
98, 114, 111, 110, 99, 123, 105, 60, 51, 112, 108, 97, 110, 101, 115, 125
After decoding this, we got the flag.