ky28059 / iCTF 2023 Mystical Castle writeup.md

Last active December 9, 2023 00:09

iCTF 2023 — Mystical Castle

In the mystical realm of Eldoria, a land shrouded in legends and whispered secrets, there lived a young adventurer named Alex. With a heart full of curiosity and a spirit as wild as the wind, Alex had always been drawn to the tales of old, the kind that grandparents would recount by the flickering fireside on starless nights. Among these tales, one stood out - the story of the ancient Castle of Shadows, a place where time seemed to stand still, and where every corridor and chamber held a secret waiting to be uncovered.

...

Find a way to reach The Forbidden Throne Room using two parts of the book discovered in the Whispering Gallery, namely 'castle_domain.pddl' and 'castle_problem_poem.pddl'.

Once you found a plan to escape the castle, your flag content is the first two letters of each room visited in order.

We're given two .pddl files:

ky28059 / iCTF 2023 CI Ninja 2 writeup.md

Last active December 9, 2023 00:08

iCTF 2023 — CI Ninja 2

Oh no, my exploit does not work anymore! Something's not quite right with these "available functions". Can you help me figure it out?

nc 0.cloud.chals.io 32660

We connect to a similar server as part 1, except now the prompt looks like

ky28059 / iCTF 2023 Stop the model thief writeup.md

Created December 8, 2023 04:34

iCTF 2023 — Stop the model thief!

To steal an ML model, an attacker often sends 'very similar versions' of the same image, which tells the attacker how the model reacts to very small changes in the input. You realized that an attacker might be trying to steal your image classification model. You're given two files - [1::model_queries.npy] a list of images that your model received as inputs and [2::user_query_indices.txt] a list of image indices (starts from zero) in [1] sent to your model by each user-id. In [2], each line contains the indices from a different user-id (e.g., the very first line is user-id 0, the second line is user-id 1). Can you help us find the attacker's user-ids (there are 20 of them)? Note:: if there were 4 attacker user-ids (e.g., 82,54,13,36), the flag will be 'ictf{13,36,54,82}' (sorted, no quotes).

We know that each attacker user-id has sent at least 5 near-duplicate attack images.

We're given a bunch of 32x32 "query" images, as well as a list of images sent by each user. O

ky28059 / TetCTF 2024 Stress Release Service writeup.md

Last active May 20, 2024 13:11

TetCTF 2024 — Stress Release Service

For a better New Year, we are introducing a service that can help you reduce stress: http://192.53.173.71:8080 . As our service is only available during the New Year, we are also providing you with a code for later use in material section.

We are given a PHP server that looks like this:

<br><center>
<font size=5 color=red >STRESS RELEASE SERVICE</font>
<br><br><br>
To relieve all your stress from the old year, all you need is SHOUTTTTTT!!!!
<br><br><br>

ky28059 / DiceCTF 2024 zshfuck writeup.md

Created February 3, 2024 04:01

DiceCTF 2024 — zshfuck

may your code be under par. execute the getflag binary somewhere in the filesystem to win

nc mc.ax 31774

We're given a zsh script that looks like this:

#!/bin/zsh
print -n -P "%F{green}Specify your charset: %f"
read -r charset

ky28059 / 0xL4ugh CTF 2024 MyVault writeup.md

Last active February 10, 2024 20:46

0xL4ugh CTF 2024 — MyVault

Welcome to our secure vault !

We're given an APK file that decompiles to, among other things,

    package com.tarek.myvault;

import android.os.Bundle;
import android.widget.Button;
import android.widget.EditText;

ky28059 / BITSCTF 2024 Just Wierd Things.md

Last active February 18, 2024 18:08

BITSCTF 2024 — Just Wierd Things

You have the power to change some things. Now will you be mogambro or someone else?

You might stumble across some red herrings...

We're given an express server that looks like this:

const express = require('express');
const cookieParser = require('cookie-parser');
const path = require('path');

ky28059 / LA CTF 2024 gacha writeup.md

Created February 17, 2024 08:07

LA CTF 2024 — gacha

All my friends have been getting into genshin and honkai recently and keep sending me pictures. However, they keep hiding their favorite characters, demanding for more money for their gacha pulls.

Can you free zhongli my waifu???

We're given three PNG files:

owo.png

ky28059 / LA CTF 2024 jsfudge writeup.md

Created February 17, 2024 21:04

LA CTF 2024 — jsfudge

JsFudge this JsFudge that, why don't you JsFudge the flag.

nc chall.lac.tf 31130

We're given a JavaScript server that, when cleaned up, looks like this:

#!/usr/local/bin/node
const runCode = (code) => {
    const allowed = new Set('()+[]!');

ky28059 / LA CTF 2024 my poor git writeup.md

Created February 17, 2024 22:08

LA CTF 2024 — my poor git

My poor git server! I think someone took a hammer to the server and ruined a few of the files!

The git repo is available at /flag.git

poor-git.chall.lac.tf

We're given a git server with repo at /flag.git. Fetching /flag.git/HEAD, we get

ref: refs/heads/main

Kevin Yu ky28059