Intigriti Challenge 0221 XSS Writeup
Feb 21, 2021
Hello! I recently saw the Intigriti 0221 XSS Challenge on Twitter, and decided to give it a go.
The vulnerability in the website is incorrect handling of Unicode characters, which can be used to inject HTML tags and run arbitrary code through the use of DOM clobbering.
Here’s my proof of concept exploit:
Here’s my writeup of how I found the solution:
The title of the webpage, “Unicodeversity WACK system”, obviously pointed out to me that the bug stemmed from something related to Unicode.
justCTF [*] 2020 Writeups
Jan 31, 2021
justCTF [*] 2020 This CTF was a ton of fun but very difficult. I played with my team (Crusaders of Rust), and we ended up getting 10th place.
We almost full cleared web, getting every challenge except njs (not counting PainterHell because that challenge was insane). I’ll write about everything I had a direct hand in solving.
Contents:
go-fs | Web
Computeration | Web
Computeration Fixed | Web
Baby CSP | Web
D0cker | Misc
go-fs
go-fs was the first web challenge that I solved, and it was a little difficult because I can’t read Go.
*CTF (StarCTF) 2021 Writeups
Jan 17, 2021
*CTF (StarCTF) 2021 Happy New Year, everyone! For the first CTF of the year, my team (Crusaders of Rust) played in *CTF 2021, and the challenges were very interesting but also very difficult. My teammates were amazing, and together we made some amazing progress. We ended up placing 31st in the competition, which I’m very happy about (considering that we still don’t have anyone on rev :P).
Well, onto the writeups.
pbctf 2020 Writeups
Dec 07, 2020
pbctf 2020 This year, my team (Crusaders of Rust) played in perfect blue’s inaugural CTF, and it was a ton of fun. As always, I focused mainly on web challenges, and they were very interesting! My teammates were super helpful, basically helping to finish my ideas and finalize exploits on every web challenge.
We ended up getting 11th place, which I think was pretty good when considering we only got one pwn and one rev.
CSAW 2020 Finals Writeups
Nov 08, 2020
CSAW Finals 2020 This year, my team (Crusaders of Rust) was invited to play in the CSAW Final Round 2020. We qualified for the finals by placing 9th out of the 15 spots in the undergraduate US-Canada division during the qualifying round, and we were super excited to compete in the finals.
This CTF had some pretty cool and unique challenges (at least for web), and we ended up placing 10th out of 16 spots in North America (16 b/c of +1 team from Mexico), and 21st out of 52 globally.
CSAW 2020 Quals Writeups
Sep 23, 2020
CSAW Quals 2020 CSAW Quals 2020 was one of the CTFs I was looking forward to the most this year. Unfortunately, the CTF ended up being a total mess, with infrastructure issues and broken challenges.
However, this CTF was the first to introduce some new challenge categories: steg rev and steg web! Honestly, I don’t know whose idea it was to make a CTF of only misc challenges, but I hope that this year was a fluke due to COVID.
TJCTF 2020 Writeups
May 26, 2020
TJCTF 2020 TJCTF 2020 was a CTF run by TJHSST’s Computer Security Club. I played with the team inSmartCard, finishing 14th (in the high school teams, 20th with observer teams). Check out my team page on the CTF website here to see me carry my team :^). Here are some writeups of some challenges which I thought were interesting.
Contents:
FB Library | Web
Admin Secrets | Web
Gamer F | Forensics
Web
FB Library
FB Library was the 2nd to last web challenge, with 20 solves and worth 90 points.
Houseplant CTF 2020 Writeups
Apr 26, 2020
Contents:
JS Lotto
Adventure-Revisited
RTCP Trivia
JS Lotto
I liked the concept for this challenge, but unfortunately a script to solve this exact problem already existed online. I took first blood on this challenge though, which I was pretty happy about.
Opening the website we see a webpage that asks us to input five numbers from 0 to 1000.
Opening the source code of the website, we see a app.
Mar 9, 2020
Hey, welcome to my blog. My name is Bryce, and I’m a student who is trying to learn more about computer science and cyber-security.
In my free time, I participate in information-security capture the flags (CTFs), code random projects (some of which you can see on my GitHub), or play random video games with friends. I’ll be posting all my writeups and some other stuff here.
Right now, I participate in CTFs with Crusaders of Rust, and previously PentaHex.