CTF.SG CTF 2021 Quick writeups for the challenges I wrote: WebTouch Of The Paranoid We're happy to announce that we now support multi-factor authentication. Our login portal is now bulletproof and unhackable! Our first user mentioned something about Google Authenticator... PS: No bruteforce is needed, you will
DSO-NUS CTF 2021 MobileLoginIt's time for a simple, relaxing challenge. Can you find the correct credentials?Decompile the apk with jadx: public class LoginDataSource { private String m_password = "7470CB2F2412053D0A3CEC3D07CAE4A4"; ... public String getJavaPassword() { try { return AESTools.decrypt(this.m_password); } catch (Exception e) { e.printStackTrace(); return ""; } } ... public Result&
STACK the Flags 2020 Binary ExploitationBeta reporting systemThe developer working for COViD that we arrested refused to talk, but we found a program that he was working on his laptop. His notes have led us to the server where the beta is currently being hosted. It is likely
TISC20 Stage 1We're given an encrypted zip file and told that the password is a hex string. Generating a wordlist and feeding it to fcrackzip solves this. import itertools with open("hex_wordlist.txt", "w") as f: for c in itertools.product("0123456789abcdef", repeat=6)
ALLES! CTF 2020 OnlyFreightsCheck out my OnlyFans OnlyFreights! A website to classify all the freight ships.NOTE: There is a secret cargo stored at /flag.txt, but you need to convince the /guard executable to hand it to you!Relevant source code provided: app.put('/api/
CSICTF20 The Viet Cong is transmitting a secret message. They built a password checker so that only a selected few can view the secret message. We've recovered the binary, we need you to find out what they're trying to say.Official writeup can be found
CTF Cyber Defenders Discovery Camp 2020 [RE (Windows)-2] Dissect MeLET THE GAMES BEGIN!Open Ghidra. Load binary. Go through the entire binary because its labelled reverse engineering, then find the Bitmap embedded in the binary. [RE (Windows)-3] Cheat MeBe patient :) Then you can get what you want.[!W!
CTF redpwnCTF 2020 pwn/kevin-higgsIt's basically Rowhammer, right?This challenge is a golf challenge where teams can flip a certain number of bits anywhere in memory. The number of bits that can be flipped goes up over time until a team first solves the challenge, at which
CTF Zh3r0 CTF 2020 HelpWe're given a binary with a few useful functions. The first of which: void ok(void) { ssize_t sVar1; undefined local_28 [32]; puts("Hello world."); g = g + 1; if (g == idontknow) { sVar1 = read(0,local_28,0x29); if (sVar1 == 0) { puts("Why couldn\
CTF WeCTF 2020 Challenge files can be found here. lightSequelShou just learnt gRPC! Go play with his nasty API!We're given source code for a gRPC service built in Golang. One function in particular looks interesting: func (s *srvServer) GetLoginHistory(ctx context.Context, _ *pb.SrvRequest) (*pb.SrvReply,
CTF HSCTF 7 (2020) Got ItOh no, someone's messed with my GOT entries, and now my function calls are all wrong! Please, you have to help me! I'll do anything to make my function calls right!This is running on Ubuntu 18.04, with the standard libc.Connect
CTF Defenit CTF 2020 Bad Tumblers[Precondition] 0. Hundreds of wallets contain about 5 ether (tumbler) 0. Hackers steal more than 400 ethers through hacking per exchange 0. Hacker commissions ethereum tumbler to tumbling 400 ether from his wallet 0. After tracking the hacking accident that reported by
CTF RCTF2020 Switch PRO ControllerI bought a Switch PRO Controller!! It’s really cool!Two files are provided: Packet capture of some form of USB HID deviceScreen recording of someone typing out a flag with a on-screen keyboardThe screen recording unfortunately, has the flag visually obscured.
CTF Hack-A-Sat Qualifiers 2020 SpaceDBThe last over-the-space update seems to have broken the housekeeping on our satellite. Our satellite's battery is low and is running out of battery fast. We have a short flyover window to transmit a patch or it'll be lost forever. The battery level is
Projects Singapore Robotic Games 2020 After the not so successful run last year, I started planning for another run. The biggest issue was my choice of tracks, which offered close to no traction. The other problem was the weight of the drive system - being nearly 2kg, there was
CTF Cyber Defenders Discovery Camp 2019 Qualifiers Writeup of Challenges Solved for CDDC 2019 Qualifiers
CTF PlaidCTF 2019 Can You Guess MeGiven the following application: from secret import secret_value_for_password, flag, exec ... val= 0 inp = input("Input value: ") count_digits = len(set(inp)) if count_digits <= 10: # Make sure it is a number val = eval(inp) else: raise if
CTF WPICTF 2019 BoggedThis challenge involves issuing "bad" commands that have to be authenticated by a token generated through the following "leaked" source code: import hashlib secret = "" def generate_command_token(command, secret): hashed = hashlib.sha1(secret+command).hexdigest() return hashed def validate_input(command, token_in)
Projects Singapore Robotic Games 2019 On a whim, I decided to participate in the Sumo categories in SRG 2019. This post aims to document and explain the design decisions for my robot, which had to fit within 20cm x 20cm and weigh less than 3kg. Most parts were bought
CTF SwampCTF 2019 Future FunThis reversing challenge dropped a nearly 10MB binary on us. Given that I had no intention of reversing this mess, I took another route to solve this problem. The challenge description has interesting bits in it though: Deep on the web, I discovered
CTF boot2root 2019 EasyPhpThis challenge was split into 3 parts - one had to give inputs to fulfill all 3 parts before getting the full flag. <?php include "flag.php"; highlight_file(__FILE__); error_reporting(0); $str1 = $_GET['1']; if(isset($_GET['1'])){ if($str1 == md5(