Sunshine CTF 2025 - AstroJIT AI (pwn)

This pwn challenge requires manipulating the weights and biases supplied to an AI chatbot in order to leak the flag.


The Setup:

The challenge description reads like an email from the CEO of a company, with a few words being [censored]. We are also provided with a netcat server to connect to.

[Screenshot: Challenge Description]

Upon connecting, the first prompt asks for an API key to connect to the LLM, or to enter as a guest. We enter as a guest and get the following options:

[Screenshot: Challenge Prompts]

Playing around a bit, we can work out that the bot can perform the following activities:
1. We can input training weights
2. We can talk to the AI, but it ends the conversation after 3 prompts. We also need to register the weights before talking to the bot
3. We can train the bot on 22 internal emails; during training the email contents are displayed, with some words censored
4. View our weights

Using option 1, we see that weights can be provided as numbers and also as strings; when we provide malformed strings, the server shows us the resulting error messages.

[Screenshot: Error message for malformed input]

One interesting piece of code visible here is GetApiToken(). We can use code injection in the weights to view the API token in use, with the following C# payload:

{Weights.GetApiToken().ToString(), "0"}

Choosing to debug the weights then reveals the API token:
"Internal-EvilCorp-Api-Key-1337-Take-That-Hackers-This-Is-Not-A-Freebie"
Exiting and reconnecting with this API token, the key is accepted.

We can also see that privileged users can run dangerous queries, but asking the bot for the flag still proved useless. Looking at the error message again, we can see that a regex is blocking words like flag, sun, flagpole, etc. We can once more use code injection in the weights, this time to change the regex used by the RegexBlocker:

{(dynamic)(Biases.RegexBlocker = "(?!.)"), 0}
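Both payloads above work because user-supplied weights end up inside C# that the service compiles, so an expression in a weight slot runs with the service's own privileges, and because the block list lives in mutable state that such code can overwrite. The following is an added example, not the challenge's source: a hypothetical hardened loader and filter (class and member names such as SafeWeights and ContentFilter are assumptions) showing how a defender would close both gaps.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text.RegularExpressions;

// Hypothetical hardened versions of the two components the writeup abuses.
// This is an illustrative reconstruction, not the challenge's own code;
// the class and member names are assumptions.

// 1. Weights are parsed as numbers. User text is never concatenated into
//    source code handed to a compiler, so there is nothing to inject into.
public static class SafeWeights
{
    // Parses "name=value" pairs such as "w0=0.5,w1=-1.25".
    // Returns null and sets `error` when any entry is not a finite number.
    public static Dictionary<string, double> Parse(string input, out string error)
    {
        var weights = new Dictionary<string, double>();
        error = null;
        foreach (var pair in input.Split(',', StringSplitOptions.RemoveEmptyEntries))
        {
            var parts = pair.Split('=', 2);
            if (parts.Length != 2 || parts[0].Trim().Length == 0)
            {
                error = "malformed entry";
                return null;
            }
            var name = parts[0].Trim();
            // InvariantCulture: "1,5" is not accepted in one locale and rejected in another.
            if (!double.TryParse(parts[1].Trim(), NumberStyles.Float,
                                 CultureInfo.InvariantCulture, out var value)
                || double.IsNaN(value) || double.IsInfinity(value))
            {
                // Report only the field name. Verbose error output can expose internal
                // names, which is how the writeup found GetApiToken() and RegexBlocker.
                error = $"weight '{name}' is not a finite number";
                return null;
            }
            weights[name] = value;
        }
        return weights;
    }
}

// 2. The block list is immutable, compiled once, and matches whole words,
//    so no runtime code path (injected or otherwise) can swap the pattern out.
public static class ContentFilter
{
    private static readonly Regex Blocked = new Regex(
        @"\b(flag|sun|flagpole)\b",
        RegexOptions.IgnoreCase | RegexOptions.Compiled);

    public static bool IsBlocked(string text) => Blocked.IsMatch(text);

    // Censors blocked words for display, e.g. when printing training emails.
    public static string Censor(string text) => Blocked.Replace(text, "[censored]");
}

public static class Demo
{
    public static void Main()
    {
        // Constructed samples: a valid weight line and one carrying a C# expression.
        foreach (var sample in new[] { "w0=0.5,w1=-1.25", "w0=Weights.GetApiToken().ToString()" })
        {
            var parsed = SafeWeights.Parse(sample, out var err);
            Console.WriteLine(parsed == null ? $"rejected: {err}" : $"accepted {parsed.Count} weights");
        }

        // Constructed message: "flag" is censored, "sundown" is left alone (whole-word match).
        Console.WriteLine(ContentFilter.Censor("Please send the flag by sundown."));
    }
}
```

The first sample parses; the second is rejected at double.TryParse long before anything resembling a compiler is involved. Because the regex is a readonly static built from a constant, an assignment like the one in the payload above has no field to write to, and whole-word matching avoids the collateral censoring that a bare "sun" pattern would cause.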

While the chatbot accepted the payload, I still couldn't get it to leak the flag while chatting. I then decided to use option 3 (Train on internal emails), and while training I realized that it had stopped censoring the emails, so the flag can be seen in one of them:
sun{evil-corp-one-uprising-at-a-time-folks-may-be-evil-but-do-not-get-burnt-out-just-burn-the-building-down-before-you-go-we-need-the-insurance-money}