ångstrom CTF 2021 - Oracle of Blair [crypto]

  • Competition: ångstrom CTF 2021
  • Challenge Name: Oracle of Blair
  • Type: Crypto
  • Points: 160 pts
  • Description:

    Not to be confused with the ORACLE of Blair. nc crypto.2021.chall.actf.co 21112. Author: lamchcl

AES-CBC decryption oracle where attacker can have the server include the flag at any position in the ciphertext.

Read more...

ångstrom CTF 2021 - substitution [crypto]

  • Competition: ångstrom CTF 2021
  • Challenge Name: substitution
  • Type: Crypto
  • Points: 130 pts

This challenge involves solving analyzing polynomials over a Galois field.

Read more...

ångstrom CTF 2021 - I'm so random [crypto]

  • Competition: ångstrom CTF 2021
  • Challenge Name: I’m so random
  • Type: Crypto
  • Points: 100 pts
  • Description:

    Aplet’s quirky and unique so he made my own PRNG! It’s not like the other PRNGs, its absolutely unbreakable!

This challenge involves a very broken PRNG.

Read more...

Shakti CTF 2021 - Art Gallery 2 [web]

  • Competition: Shakti CTF 2021
  • Challenge Name: Art Gallery 2
  • Type: Web
  • Points: 300 pts
  • Description:

    I’m on the way to open my very own Art Gallery http://34.66.139.33/. I can allow you to take a peak if you want. But not everyone though. Author: Nimisha

Exploiting a boolean SQLi without WHERE or the characters & and = using REGEXP and the albatar framework.

Read more...

UMass CTF 2021 - replme [pwn]

  • Competition: UMass CTF 2021
  • Challenge Name: replme
  • Type: pwn
  • Points: 500 pts
  • Description:

    Description: I found this new programming language and wanted people to be able to try it out. http://34.72.244.178:8085

I didn’t play the CTF, but the replme task caught my attention. The challenge was about exploiting the interpreter for the Janet Language. As I like interpreters and had written some exploits for other interpreters in the past, I decided to take a look at this task after the CTF ended.

Running the interpreter reveals the version.

./janet 
Janet 1.1.0-dev-6887dd05  Copyright (C) 2017-2019 Calvin Rose
janet:0:> 

Read more...