Skip to content

Instantly share code, notes, and snippets.

View ky28059's full-sized avatar
🥰

Kevin Yu ky28059

🥰
79 followers · 122 following
View GitHub Profile
@ky28059
ky28059 / PatriotCTF 2024 Really Only Echo writeup.md
Last active September 23, 2024 00:53

PatriotCTF 2024 — Really Only Echo

Hey, I have made a terminal that only uses echo, can you find the flag?

nc chal.competitivecyber.club 3333

We're given a Python server that looks like this:

#!/usr/bin/python3

import os,pwd,re
@ky28059
ky28059 / PatriotCTF 2024 Blob writeup.md
Last active September 23, 2024 20:18

PatriotCTF 2024 — Blob

blob says: blob

http://chal.competitivecyber.club:3000

We're given an express server that looks like this:

require("express")()
  .set("view engine", "ejs")
  .use((req, res) => res.render("index", { blob: "blob", ...req.query }))
@ky28059
ky28059 / PatriotCTF 2024 Let's Play [steg]Hide & Seek writeup.md
Last active September 22, 2024 23:10

PatriotCTF 2024 — Let's Play [steg]Hide & Seek

Not much of a backstory here... there is an embedded flag in here somewhere, your job is to find it.

We're given a "QR code mosaic" looking like this:

qr_mosaic

Plugging it into Aperi'Solve, we can extract a patriotCTF.bmp resembling the logo on their website:

image

@ky28059
ky28059 / jailCTF 2024 jellyjail writeup.md
Created September 14, 2024 03:34

jailCTF 2024 — jellyjail

how can one golf with jelly if it just explodes when you hit it with a large metal golf club?

nc challs1.pyjail.club 5999

We're given a Python server that looks like this:

#!/usr/local/bin/python3
# https://github.com/DennisMitchell/jellylanguage/tree/70c9fd93ab009c05dc396f8cc091f72b212fb188
from jellylanguage.jelly.interpreter import jelly_eval
@ky28059
ky28059 / CSAW'24 Quals I like it RAW writeup.md
Last active September 14, 2024 19:18

CSAW'24 Quals — I like it RAW

Seems like medium rare just isn't my taste.

We're given 3 files: a raw camera image,

out

(the above image is actually the "Preview Image" due to file size; the actual image is 19 MB)

a file named secret.png,

@ky28059
ky28059 / CyberSpace CTF 2024 trendz + trendzzz writeup.md
Last active September 1, 2024 22:28

CyberSpace CTF 2024 — trendz(zz)?

The latest trendz is all about Go and HTMX, but what could possibly go wrong? A secret post has been hidden deep within the application. Your mission is to uncover it.

Notice anything off in this application? If you suspect something is wrong, report it to the superadmin. You never know what secrets might be uncovered.

nc trendz-bot.challs.csc.tf 1337

We're given a Go server that looks like this:

package main
@ky28059
ky28059 / CyberSpace CTF 2024 Game with Rin writeup.md
Last active September 1, 2024 22:28

CyberSpace CTF 2024 — Game with Rin

Nanakura Rin, a very skilled gamer, took one of the flags. You need to defeat her 200 times to get the flag back.

nc game-with-rin.challs.csc.tf 1337

We're given a Python server that looks like this:

from basement_of_rin import NanakuraRin, flag, generate_graph

import time
@ky28059
ky28059 / CyberSpace CTF 2024 SKK? writeup.md
Created August 31, 2024 22:53

CyberSpace CTF 2024 — SKK?

What have you done to my flag?

We're given an encoded image of the flag

enc

and an encoder script that looks like this:

import numpy as np
@ky28059
ky28059 / corCTF 2024 msfrogofwar3 writeup.md
Last active August 12, 2024 04:04

corCTF 2024 — msfrogofwar3

image

We're given a Flask server that looks like this:

from flask import Flask, request, render_template
from flask_socketio import SocketIO, emit
from stockfish import Stockfish
import random
@ky28059
ky28059 / UIUCTF 2024 Log Action writeup.md
Last active July 1, 2024 19:39

UIUCTF 2024 — Log Action

I keep trying to log in, but it's not working :'(

http://log-action.challenge.uiuc.tf/

We're given a simple Next.js + Next Auth site with a simple login / logout implementation:

"use client";
import { useFormStatus, useFormState } from "react-dom";
import { authenticate } from "@/lib/actions";