You think you know programming? You think you know languages? heh... as if
Come back to me when you can write a program that runs in the 3 deadly P's: Perl, Python, and (P)Javascript
Connect with: nc -q 2 -N 52.8.15.62 8001
Flag is located at: ./flag.txt
Our PHP devs are working on this employee management portal. We have a mock build of the website and you are to pentest the platform for weaknesses. Your goal is to get more privileges and command execution on the server.
We're given a PHP server that looks like this:
<?php
spl_autoload_register(function ($name){
if (preg_match('/Controller$/', $name))
{
$name = "controllers/${name}";
I've developed a little application to help me with my pentest missions, with lots of useful payloads! I even let users add new payloads, but since I was in a rush I didn't have time to test the security of my application, could you take care of it?
We're given an express server that looks like this:
const express = require('express');
const path = require('path');
const fs = require('fs');
const { spawn } = require('child_process');
const puppeteer = require('puppeteer');
Paint by Numbers? Or perhaps, compute by pixels?
We're given an image that looks like this:
Based on the challenge name, this is a program written in the esolang Piet. Then, we can import the program into an online Piet IDE and try running it:
You have been hired to contribute to a very suspicious project. Follow the link below to get onboard.
We're given access to an organization that looks like this:
Besides the random projects, of note are two repositories:
Bob Robizillo created public instructions for Tiffany, so she can start work on a new secret project. Can you access the secret repository?
We're not given a whole lot to work with. However, googling "Bob Robizillo" nets us this public Gist:
Dear Tiffany,
I hope this message finds you well. To streamline our collaboration on the 1337up repository, I kindly ask you to add the enclosed SSH key to your account. This step is crucial for enabling a seamless forking process and enhancing our project efficiency.
We didn't get him in time. Thankfully, we don't believe he's fled the country yet. He uploaded another photo this morning, it's as if he's taunting us! Anyway, this may be our last chance - do you know where he is right now?
We're given an image looking like this:
Something weird going on at this pizza store!!
We're given a simple pizza chain website looking like this:
Looking at the source code, CSS, and images, nothing seems out of the ordinary. However, going to robots.txt,
There's a fugitive on the loose and we need to track him down! He posted this to social media recently, do you know where the photograph was taken from? If you can provide the precise building, we can move in immediately.
We're given an image that looks like this:
Should be simple, right? In the middle of the image, we find a reference to the "Trang Tien Plaza" bringing us right here:
Deadface is running a server where they have a list of targets they are planning on using in an upcoming attack. See if you can find any targets they are trying to hide.
We're given a simple website that looks like this:
On each "page", we can find records that begin with "A", "B", and "C":