arkark

DiceCTF 2024 Quals

• CTFtime: https://ctftime.org/event/2217/

web/dicedicegoose

• 445 solves / 105 points

Just cheat.

arkark

LA CTF 2024

I solved all web and some misc challenges. This gist shows my solvers for two hard web challenges: quickstyle and biscuit-of-totality.

• CTFtime: https://ctftime.org/event/2102
• Official repository: https://github.com/uclaacm/lactf-archive/tree/main/2024

web/quickstyle

• Author: r2uwu2

arkark

bi0sCTF 2024

I solved two web challenges: required notes and required notes revenge. Although the intened solution is XS-Leak, I found RCE solution even for the revenge challenge!

• CTFtime:
  • https://ctftime.org/event/2117/
• An author solution for required notes:
  • https://gist.github.com/Ze-Pacifist/9bcd1072a62bbc5850322878b21bc8c8
  • It uses a leak technique described in https://infosec.zeyu2001.com/2023/from-xs-leaks-to-ss-leaks.

arkark

osu!gaming CTF 2024

• CTFtime: https://ctftime.org/event/2165

web/profile-page-revenge

• 10 solves / 334 points
• Author: strell

1. Make a malicious profile:

arkark

LINE CTF 2024

• CTFtime: https://ctftime.org/event/2119

[web] one-time-read

• 8 solves / 305 points

Summary

arkark

ångstromCTF 2024

• CTFtime: https://ctftime.org/event/2375
• Repository: https://github.com/blairsec/challenges/tree/master/angstromctf/2024

web/tickler

Polyglot-like solution with MIME type vs. JavaScript

I expect that the intended solution is to prepare a server that returns a crafted Content-Type header. However, I solved this challenge without preparing the server :)

arkark

🚨 I uploaded files to my repository: https://github.com/arkark/my-ctf-challenges/tree/main/challenges/202409_IERAE_CTF_2024/web/leakleakleak

Leak! Leak! Leak! - IERAE CTF 2024

• CTFtime: https://ctftime.org/event/2441/

Challenge

You can download challenge files from: leakleakleak.tar.gz