Projects CE/CZ3004 Multi-Disciplinary project First, I have to express my gratitude for the lab executives managing Hardware Lab 3 for their support of the MDP groups in our lab. They've tolerated our nonsense and went beyond to accommodate our requests. The purpose of this post is to share
RaRCTF 2021 WebSecure StorageCheck out our secure storage solutions for all your secure storing needs! featuring our new secure enclave™️ where secrets are stored securely™️https://securestorage.rars.win/https://secureenclave.rars.win/The author writeup can be found here. The challenge is explained in far
STANDCON CTF 2021 PwnSpace University of Interior DesignStorytelling is the root of interior design.Author: zeyu2001We're given shell access to a machine, logged in as guest. We start poking around and notice a few interesting things: We see that python3.7 has the suid bit set. Given
3kCTF-2021 Webonline_compilerCompile & run your code with the 3k online compiler. Our online compiler supports multiple programming languages like Php, Python,...We're given source code of a web app - interesting snippets: @app.route('/save',methods = ['POST']) @cross_origin() def save(): c_type=
CTF.SG CTF 2021 Quick writeups for the challenges I wrote: WebTouch Of The Paranoid We're happy to announce that we now support multi-factor authentication. Our login portal is now bulletproof and unhackable! Our first user mentioned something about Google Authenticator... PS: No bruteforce is needed, you will
DSO-NUS CTF 2021 MobileLoginIt's time for a simple, relaxing challenge. Can you find the correct credentials?Decompile the apk with jadx: public class LoginDataSource { private String m_password = "7470CB2F2412053D0A3CEC3D07CAE4A4"; ... public String getJavaPassword() { try { return AESTools.decrypt(this.m_password); } catch (Exception e) { e.printStackTrace(); return ""; } } ... public Result&
STACK the Flags 2020 Binary ExploitationBeta reporting systemThe developer working for COViD that we arrested refused to talk, but we found a program that he was working on his laptop. His notes have led us to the server where the beta is currently being hosted. It is likely
TISC20 Stage 1We're given an encrypted zip file and told that the password is a hex string. Generating a wordlist and feeding it to fcrackzip solves this. import itertools with open("hex_wordlist.txt", "w") as f: for c in itertools.product("0123456789abcdef", repeat=6)
ALLES! CTF 2020 OnlyFreightsCheck out my OnlyFans OnlyFreights! A website to classify all the freight ships.NOTE: There is a secret cargo stored at /flag.txt, but you need to convince the /guard executable to hand it to you!Relevant source code provided: app.put('/api/
CSICTF20 The Viet Cong is transmitting a secret message. They built a password checker so that only a selected few can view the secret message. We've recovered the binary, we need you to find out what they're trying to say.Official writeup can be found
CTF Cyber Defenders Discovery Camp 2020 [RE (Windows)-2] Dissect MeLET THE GAMES BEGIN!Open Ghidra. Load binary. Go through the entire binary because its labelled reverse engineering, then find the Bitmap embedded in the binary. [RE (Windows)-3] Cheat MeBe patient :) Then you can get what you want.[!W!
CTF redpwnCTF 2020 pwn/kevin-higgsIt's basically Rowhammer, right?This challenge is a golf challenge where teams can flip a certain number of bits anywhere in memory. The number of bits that can be flipped goes up over time until a team first solves the challenge, at which
CTF Zh3r0 CTF 2020 HelpWe're given a binary with a few useful functions. The first of which: void ok(void) { ssize_t sVar1; undefined local_28 [32]; puts("Hello world."); g = g + 1; if (g == idontknow) { sVar1 = read(0,local_28,0x29); if (sVar1 == 0) { puts("Why couldn\
CTF WeCTF 2020 Challenge files can be found here. lightSequelShou just learnt gRPC! Go play with his nasty API!We're given source code for a gRPC service built in Golang. One function in particular looks interesting: func (s *srvServer) GetLoginHistory(ctx context.Context, _ *pb.SrvRequest) (*pb.SrvReply,
CTF HSCTF 7 (2020) Got ItOh no, someone's messed with my GOT entries, and now my function calls are all wrong! Please, you have to help me! I'll do anything to make my function calls right!This is running on Ubuntu 18.04, with the standard libc.Connect
CTF Defenit CTF 2020 Bad Tumblers[Precondition] 0. Hundreds of wallets contain about 5 ether (tumbler) 0. Hackers steal more than 400 ethers through hacking per exchange 0. Hacker commissions ethereum tumbler to tumbling 400 ether from his wallet 0. After tracking the hacking accident that reported by
CTF RCTF2020 Switch PRO ControllerI bought a Switch PRO Controller!! It’s really cool!Two files are provided: Packet capture of some form of USB HID deviceScreen recording of someone typing out a flag with a on-screen keyboardThe screen recording unfortunately, has the flag visually obscured.
CTF Hack-A-Sat Qualifiers 2020 SpaceDBThe last over-the-space update seems to have broken the housekeeping on our satellite. Our satellite's battery is low and is running out of battery fast. We have a short flyover window to transmit a patch or it'll be lost forever. The battery level is
Projects Singapore Robotic Games 2020 After the not so successful run last year, I started planning for another run. The biggest issue was my choice of tracks, which offered close to no traction. The other problem was the weight of the drive system - being nearly 2kg, there was
CTF Cyber Defenders Discovery Camp 2019 Qualifiers Writeup of Challenges Solved for CDDC 2019 Qualifiers
CTF PlaidCTF 2019 Can You Guess MeGiven the following application: from secret import secret_value_for_password, flag, exec ... val= 0 inp = input("Input value: ") count_digits = len(set(inp)) if count_digits <= 10: # Make sure it is a number val = eval(inp) else: raise if