GlacierCTF2024 - ksmaze
ksmaze is a linux kernel related challenge I authored in GlacierCTF2024. It had 1 solve 2h before the end of the 24h CTF. It categorizes in the hard side of the challenges. You have the original CTFd distfile with a locally deployable version in [3] The challenge is an unprivileged SSH instance of qemu running a custom rootfs and kernel: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 [ecomaikgolf@laptop ~/]$ nc 78.
GlacierCTF2024 - Schrödinger Compiler
Schrödinger Compiler is a C++ compiler related challenge I authored in GlacierCTF2024. It had 19 solves 3h before the end of the 24h CTF. It categorizes in the medium side of the challenges. You have the original CTFd distfile with a locally deployable version in [1] The challenge is jailed per connection and has the following behaviour: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 #!
GlacierCTF2024 - typstastic
typstastic is a typst related challenge I authored in GlacierCTF2024. It had 50 solves 3h before the end of the 24h CTF. It categorizes in the easier side of the challenges. You have the original CTFd distfile with a locally deployable version in [1] The challenge is jailed per connection and has the following behaviour: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 #!
R3CTF - Thief Writeup
This was an easy challenge related to Computer Vision: 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 import torch from torch import nn import torchvision import torchvision.
R3CTF - h1de@ndSe3k 2 Writeup
This is a second stage of the “hidenandseek” R3CTF challenge. In this case we have that ben, the NPC with the flag: Is invisible Randomly teleports between (0, -50, 0) (512, 50, 512) newtp only works in “ben’s range” The main issue is that the teleportation range is much wider now, we can’t have many tries. Sitting there and waiting for ben to appear wasted some time, he only spawned a few times and was too far away.
R3CTF - hideandseek Writeup
This challenge involves a Minecraft server where an NPC is teleported each 10 seconds randomly in the (0, 0, 0) (128, -50, 128) range. You have a command /newtp X Y Z that lets you teleport. One of the main issues is that the NPC tends to suffocate as it spawns generally between blocks without any space (it doesn’t check for an empty space to teleport to). In this challenge we got a bit lucky and found the NPC without the need of an script as we got him in a big cave.
R3CTF - r1system Writeup
This challenge was the continuation of r0system and also wasn’t involved with crypto that much. I still don’t know if they release r1system as the “real” final stage of r0system but they had a mistake or if the mistake was actually intended: 1 2 3 4 5 elif option == 3: username = bytes.fromhex(input(b"Username[HEX]: ".decode())) if username == AliceUsername or username == AliceUsername: print(b"You can't!") return r1system had a few differences from r0system, the main one was being able to send messages through the “PublicChannel”.
R3CTF - r0system Writeup
This challenge wasn’t that much about crypto. You had a login system via passwords and you can also register new users. After you registered a new user you could reset the password, here was the misuse, as you could reset the password from other users. There was also a functionality that printed the private and public keys of the users. So you had to register a new user, reset the password from Alice and Bob and then log as them.
luksury Writeup - Insomnihack Final 2024
This post shows the writeup for the “luksury” challenge from he Insomnihack Final of 2024. Challenge consisted in a LUKS2 encrypted disk image you had to bruteforce: 1 2 [ecomaikgolf@laptop ../insomnihack/luks/]$ file disk.img disk.img: LUKS encrypted file, ver 2, header size 16384, ID 4, algo sha256, salt 0xad7174d78159f31..., UUID: 6dbc6504-4250-4be3-a6d1-40625f28fcc7, crc 0xc1daabbc4f25841c..., at 0x1000 {"keyslots":{"1":{"type":"luks2","key_size":64,"af":{"type":"luks1","stripes":4000,"hash":"sha256"},"area":{"type":"raw","offse The challenge also clearly hinted the usage of rockyou.txt to bruteforce the password. As it’s LUKS2, we couldn’t directly use hashcash and we used bruteforce-luks as it seemed good & quick enough.