ky28059

UIUCTF 2024 — An Unlikely Partnership

It appears that the Long Island Subway Authority (LISA) has made a strategic business partnership with a surprise influencer! See if you can figure out who.

This is part two of a three-part OSINT suite including Hip With the Youth,

An Unlikely Partnership, and The Weakest Link. This challenge is possible without Hip With the Youth but will be easier if you start there.

• Part 1
• Part 3

ky28059

UIUCTF 2024 — Hip With the Youth

The Long Island Subway Authority (LISA), in an attempt to appeal to the younger generations, has begun experimenting with social media! See if you can find a way to a flag through their Instagram.

This is part one of a three-part OSINT suite including Hip With the Youth, An Unlikely Partnership, and The Weakest Link. I recommend starting here!

• Part 2
• Part 3

Searching "Long Island Subway Authority" on Instagram brings us to this page:

ky28059

UIUCTF 2024 — Night

That was quite a pretty night view, can you find where I took it? Flag format: uiuctf{street name, city name} Example: uiuctf{East Green Street, Champaign}

Some words are blurred out to make the challenge harder, hopefully.

Flag format clarification: Use the full type, e.g. Avenue, Street, Road, etc., and include a space between the comma and city name.

We're given this photo of a street at night:

ky28059

UIUCTF 2024 — The Weakest Link

LISA and the secret business partner have a secret Spotify collaboration planned together. Unfortunately, neither of them have the opsec to keep it private. See if you can figure out what it is!

This is part three of a three-part OSINT suite including Hip With the Youth, An Unlikely Partnership, and The Weakest Link. I recommend starting with the other two challenges!

• Part 1
• Part 2

In UIUC-chan's LinkedIn contact info, we can find a link to her Spotify:

ky28059

UIUCTF 2024 — Log Action

I keep trying to log in, but it's not working :'(

http://log-action.challenge.uiuc.tf/

We're given a simple Next.js + Next Auth site with a simple login / logout implementation:

"use client";
import { useFormStatus, useFormState } from "react-dom";
import { authenticate } from "@/lib/actions";

ky28059

corCTF 2024 — msfrogofwar3

We're given a Flask server that looks like this:

from flask import Flask, request, render_template
from flask_socketio import SocketIO, emit
from stockfish import Stockfish
import random

ky28059

CyberSpace CTF 2024 — SKK?

What have you done to my flag?

We're given an encoded image of the flag

and an encoder script that looks like this:

import numpy as np

ky28059

CyberSpace CTF 2024 — Game with Rin

Nanakura Rin, a very skilled gamer, took one of the flags. You need to defeat her 200 times to get the flag back.

nc game-with-rin.challs.csc.tf 1337

We're given a Python server that looks like this:

from basement_of_rin import NanakuraRin, flag, generate_graph

import time

ky28059

CyberSpace CTF 2024 — trendz(zz)?

The latest trendz is all about Go and HTMX, but what could possibly go wrong? A secret post has been hidden deep within the application. Your mission is to uncover it.

Notice anything off in this application? If you suspect something is wrong, report it to the superadmin. You never know what secrets might be uncovered.

nc trendz-bot.challs.csc.tf 1337

We're given a Go server that looks like this:

package main

ky28059

CSAW'24 Quals — I like it RAW

Seems like medium rare just isn't my taste.

We're given 3 files: a raw camera image,

(the above image is actually the "Preview Image" due to file size; the actual image is 19 MB)

a file named secret.png,