CTF

Writeup - Cyber Apocalypse CTF 2021

Apr 24, 2021

Cyber Apocalypse 2021 was held between 13:00 19 April 2021 UTC and 23:00 24 April 2021 UTC. Our final rank was #479 out of 4740 teams. Not bad, I’d say :) Contents Hardware Serial Logs Compromised Secure Off the grid Web Wild goose hunt MiniSTRyplace Misc Input as a Service Hardware There were 6 hardware challenges in this event and I was able to solve 4 of them.…more

Cyber Talents Mini CTF Week 3

Feb 21, 2021

Info This was the third one of the Cyber Talents February weekly mini CTFs. Link here There were 5 challenges: detector is an open-source, free and lightweight network intrusion detection system (NIDS) software for Linux and Windows to detect emerging threats. A Google search shows “Snort”. Tried it and it’s the correct answer. LOUDER At the start, we were given a hyper link to an audio file…more

牛年灯谜 CTF Writeup Part 2

Feb 14, 2021

Part 1 第二个红包虽然增加了一些难度，但我认为对于即便新手来说仍然是有机会通过观察和少许研究解出的。所以我仍然打算配上较为详细的、尽可能不假设前…more

牛年灯谜 CTF Writeup Part 1

Feb 13, 2021

引子 Part 2 一年前我在 UTS 开始学习以来，我打算转向网络/信息安全方向，也由此接触到了 CTF (Capture the Flag) 这种有趣的活动。在农历新年的前一周时，我突然想到或许可…more

Cyber Talents Mini CTF Week 1

Feb 08, 2021

Info This was the first one of the Cyber Talents February weekly mini CTFs. Link here There were 5 challenges: Event Manager Software products and services combine security information management and security event management. They provide real-time analysis of security alerts generated by applications and network hardware. So the answer to this question was simply “SIEM”. Funny that I only got this flag at the last because it wasn’t in a flag{xxxx} format and the question itself didn’t look like something to solve LOL.…more

CSEC CTF: Doors Plus

Jul 10, 2020

Challenge Info This is a challenge from the UTS Cyber Security Society (CSEC) Semester-long CTF for 2020 Autumn session. Link: here Let’s look around So the challenge starts with a URL (not the YouTube link!). Go to that link we see: Seems this website provides a set of web API. And our objective, as described, is to create a door named “Backdoor”. Firstly I tried to send a GET request to /api/door with Postman:…more

WPI CTF: Suckmore Shell 2.0

Apr 18, 2020

Challenge Description After its abysmal performance at WPICTF 2019, suckmore shell v1 has been replaced with a more secure, innovative and performant version, aptly named suckmore shell V2. ssh smsh@smsh.wpictf.xyz pass: suckmore>suckless made by: acurless Poking Around First off, SSH login. ssh smsh@smsh.wpictf.xyz Give the password when asked. A prompt, hmmmm. Doesn’t look a normal shell, but it’s a shell. Okay, let’s see what we have now.…more

WPI CTF: John Cena 🎺🎺🎺🎺

Apr 18, 2020

Challenge Description You can’t see him, but can you see the flag? http://us-east-1.linodeobjects.com/wpictf-challenge-files/braille.png made by: ollien, with a little help from acurless Braille The first clue for this challenge is a URL to a PNG image. This is how it looks: Apparently, it’s something written in Braille. We need to do an “OCR” of this picture first, and then decode it. According to Wikipedia, 6-dot Braille patterns are coded in Unicode as this:…more

WPI CTF: 👉😎👉

Apr 18, 2020

Challenge Description 👈😎👈Zoop👉😎👉Zoop 👈😎👈Zoop👉😎👉Zoop 👈😎👈Zoop👉😎👉Zoop 👈😎👈Zoop👉😎👉Zoop 👈😎👈Zoop👉😎👉Zoop … 👈😎👈Zoop👉😎👉Zoop 👈😎👈Zoop👉😎👉Zoop 👈😎👈Zoop👉😎👉Zoop 👈😎👈Zoop http://zoop.wpictf.xyz made by: ollien Exploring So seems it starts with a web page. Let’s take a look first. This looks like a IM, and a friend talks about sending a file from a website http://storage.zoop. Let’s poke around. When I click on “Attach” button, a dialog shows up. It allows me to input a URL of the storage.…more

CSEC CTF: Missing

Apr 12, 2020

Challenge Info This is a challenge from the UTS Cyber Security Society (CSEC) Semester-long CTF for 2020 Autumn session. Link: here Poking around So the description gave us a URL (http://128.199.239.130:8007). No reason not to start here, right? And we got: Hmmm… Seems a newly set up Apache server, running a Ubuntu machine, without even serving a proper page. Not quite informative. Nothing in the page source, either :(…more