corCTF 2021 Challenges Aug 23, 2021 corCTF 2021 Hey everyone! This weekend, my team the Crusaders of Rust hosted our first CTF. It was a great success, and we had a lot of amazing players compete for some good prizes. I’m really thankful to all the players, and I’m really glad all of my challenges got solved and that almost everyone seemed to really enjoy them. Here, I’ll be describing the solution to all of the challenges I made. ...
RaRCTF 2021 - Secure Storage Aug 09, 2021 Secure Storage Secure Storage was a “hard” web challenge that I wrote for RaRCTF 2021. Truth be told, I really wasn’t sure about the difficulty, but I think that it was in a good spot. It was my first challenge to end up in a CTF, so I was a little worried about the reception, but I’m glad a lot of people liked it. I was aware of two solutions during the CTF, one was the intended document. ...
Intigriti Challenge 0221 XSS Writeup Feb 21, 2021 Hello! I recently saw the Intigriti 0221 XSS Challenge on Twitter, and decided to give it a go. The vulnerability in the website is incorrect handling of Unicode characters, which can be used to inject HTML tags and run arbitrary code through the use of DOM clobbering. Here’s my proof of concept exploit: Exploit Here’s my writeup of how I found the solution: The title of the webpage, “Unicodeversity WACK system”, obviously pointed out to me that the bug stemmed from something related to Unicode. ...
justCTF [*] 2020 Writeups Jan 31, 2021 justCTF [*] 2020 This CTF was a ton of fun but very difficult. I played with my team (Crusaders of Rust), and we ended up getting 10th place. We almost full cleared web, getting every challenge except njs (not counting PainterHell because that challenge was insane). I’ll write about everything I had a direct hand in solving. Contents go-fs | Web Computeration | Web Computeration Fixed | Web Baby CSP | Web D0cker | Misc go-fs go-fs was the first web challenge that I solved, and it was a little difficult because I can’t read Go. ...
*CTF (StarCTF) 2021 Writeups Jan 17, 2021 *CTF (StarCTF) 2021 Happy New Year, everyone! For the first CTF of the year, my team (Crusaders of Rust) played in *CTF 2021, and the challenges were very interesting but also very difficult. My teammates were amazing, and together we made some amazing progress. We ended up placing 31st in the competition, which I’m very happy about (considering that we still don’t have anyone on rev :P). Well, onto the writeups. ...
pbctf 2020 Writeups Dec 07, 2020 pbctf 2020 This year, my team (Crusaders of Rust) played in perfect blue’s inaugural CTF, and it was a ton of fun. As always, I focused on mainly web challenges, and they were very interesting! My teammates were super helpful, basically helping to finish my ideas and finalize exploits on every web challenge. We ended up getting 11th place, which I think was pretty good when considering we only got one pwn and one rev. ...
CSAW 2020 Finals Writeups Nov 08, 2020 CSAW Finals 2020 This year, my team (Crusaders of Rust) was invited to play in the CSAW Final Round 2020. We qualified for the finals by placing 9th out of the 15 spots in the undergraduate US-Canada division during the qualifying round, and we were super excited to compete in the finals. This CTF had some pretty cool and unique challenges (at least for web), and we ended up placing 10th out of 16 spots in North America (16 b/c of +1 team from Mexico), and 21st out of 52 globally. ...
CSAW 2020 Quals Writeups Sep 23, 2020 CSAW Quals 2020 CSAW Quals 2020 was one of the CTFs I was looking forward to the most this year. Unfortunately, the CTF ended up being a total mess, with infrastructure issues, and broken challenges. However, this CTF was the first to introduce some new challenge categories: steg rev and steg web! Honestly, I don’t know whose idea it was to make a CTF of only misc challenges, but I hope that this year was a fluke due to COVID. ...
TJCTF 2020 Writeups May 26, 2020 TJCTF 2020 TJCTF 2020 was a CTF run by TJHSST’s Computer Security Club. I played with the team inSmartCard, finishing 14th (in the high school teams, 20th with observer teams). Check out my team page on the CTF website here to see me carry my team :^). Here are some writeups of some challenges which I thought were interesting. Contents FB Library | Web Admin Secrets | Web Gamer F | Forensics Web FB Library FB Library was the 2nd to last web challenge, with 20 solves and worth 90 points. ...
Houseplant CTF 2020 Writeups Apr 26, 2020 Contents JS Lotto Adventure-Revisited RTCP Trivia JS Lotto I liked the concept for this challenge, but unfortunately a script to solve this exact problem already existed online. I took first blood on this challenge though, which I was pretty happy about. Opening the website we see a webpage that asks us to input five numbers from 0 to 1000. Opening the source code of the website, we see a app. ...