-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
e858180
commit ae3ee46
Showing
17 changed files
with
387 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "orz-larry" | ||
description: "I wrote code to try to solve the problem the omniscient god solved but it was too slow (it works tho!!). Can you help?" | ||
points: 397 | ||
solves: 32 | ||
author: nobody | ||
--- | ||
|
||
yeh' orz-larry.... it was hard lol |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "aesy" | ||
description: "Please aes-decrypt the flag for me:" | ||
points: 168 | ||
solves: 325 | ||
author: nobody | ||
--- | ||
|
||
yeh' aesy.... it was hard lol |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "javajail1" | ||
description: "Good luck getting anything to run." | ||
points: 314 | ||
solves: 84 | ||
author: nobody | ||
--- | ||
|
||
yeh' javajail1.... it was hard lol |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "javajail2" | ||
description: "okay sorry here's a real jail." | ||
points: 361 | ||
solves: 50 | ||
author: nobody | ||
--- | ||
|
||
yeh' javajail2.... it was hard lol |
9 changes: 9 additions & 0 deletions
9
src/content/writeups/amateursctf/2024/jail/pyquinejailgolf.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "pyquinejailgolf" | ||
description: "What about a quine?" | ||
points: 430 | ||
solves: 19 | ||
author: nobody | ||
--- | ||
|
||
yeh' pyquinejailgolf.... it was hard lol |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "sansomega" | ||
description: "Somehow I think the pico one had too many unintendeds..." | ||
points: 209 | ||
solves: 227 | ||
author: nobody | ||
--- | ||
|
||
yeh' sansomega.... it was hard lol |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,148 @@ | ||
{ | ||
"kind": "goodUserData", | ||
"message": "The user data was successfully retrieved.", | ||
"data": { | ||
"name": "GerlachSnezka", | ||
"ctftimeId": null, | ||
"division": "hs", | ||
"score": 3493, | ||
"globalPlace": 54, | ||
"divisionPlace": 13, | ||
"solves": [ | ||
{ | ||
"category": "misc", | ||
"name": "survey", | ||
"points": 1, | ||
"solves": 174, | ||
"id": "10a4c3fd-f952-4a59-bbb2-0be2e8d9654c", | ||
"createdAt": 1712638093010 | ||
}, | ||
{ | ||
"category": "web", | ||
"name": "sculpture", | ||
"points": 312, | ||
"solves": 86, | ||
"id": "bcds-web-sculpture", | ||
"createdAt": 1712580246170 | ||
}, | ||
{ | ||
"category": "crypto", | ||
"name": "aesy", | ||
"points": 168, | ||
"solves": 325, | ||
"id": "bcds-crypto-aesy", | ||
"createdAt": 1712525163021 | ||
}, | ||
{ | ||
"category": "algo", | ||
"name": "orz-larry", | ||
"points": 397, | ||
"solves": 32, | ||
"id": "bcds-algo-orz-larry", | ||
"createdAt": 1712497324490 | ||
}, | ||
{ | ||
"category": "jail", | ||
"name": "pyquinejailgolf", | ||
"points": 430, | ||
"solves": 19, | ||
"id": "bcds-jail-pyquinejailgolf", | ||
"createdAt": 1712480594162 | ||
}, | ||
{ | ||
"category": "misc", | ||
"name": "bears-flagcord", | ||
"points": 472, | ||
"solves": 7, | ||
"id": "bcds-misc-bears-flagcord", | ||
"createdAt": 1712434645351 | ||
}, | ||
{ | ||
"category": "osint", | ||
"name": "bathroom-break", | ||
"points": 157, | ||
"solves": 357, | ||
"id": "bcds-osint-bathroom-break", | ||
"createdAt": 1712430420727 | ||
}, | ||
{ | ||
"category": "osint", | ||
"name": "cherry-blossoms", | ||
"points": 200, | ||
"solves": 245, | ||
"id": "bcds-osint-cherry-blossoms", | ||
"createdAt": 1712428816229 | ||
}, | ||
{ | ||
"category": "jail", | ||
"name": "javajail2", | ||
"points": 361, | ||
"solves": 50, | ||
"id": "bcds-jail-javajail2", | ||
"createdAt": 1712356188592 | ||
}, | ||
{ | ||
"category": "jail", | ||
"name": "javajail1", | ||
"points": 314, | ||
"solves": 84, | ||
"id": "bcds-jail-javajail1", | ||
"createdAt": 1712352491778 | ||
}, | ||
{ | ||
"category": "jail", | ||
"name": "sansomega", | ||
"points": 209, | ||
"solves": 227, | ||
"id": "bcds-jail-sansomega", | ||
"createdAt": 1712350333400 | ||
}, | ||
{ | ||
"category": "web", | ||
"name": "agile-rut", | ||
"points": 175, | ||
"solves": 305, | ||
"id": "bcds-web-agile-rut", | ||
"createdAt": 1712349732609 | ||
}, | ||
{ | ||
"category": "web", | ||
"name": "one-shot", | ||
"points": 186, | ||
"solves": 276, | ||
"id": "bcds-web-one-shot", | ||
"createdAt": 1712337959118 | ||
}, | ||
{ | ||
"category": "web", | ||
"name": "denied", | ||
"points": 54, | ||
"solves": 849, | ||
"id": "bcds-web-denied", | ||
"createdAt": 1712332250675 | ||
}, | ||
{ | ||
"category": "misc", | ||
"name": "sanity-check", | ||
"points": 57, | ||
"solves": 823, | ||
"id": "bcds-misc-sanity-check", | ||
"createdAt": 1712330178064 | ||
} | ||
], | ||
"items": ["illaoi"], | ||
"equippedItems": { | ||
"background": { | ||
"id": "illaoi", | ||
"name": "Illaoi", | ||
"description": "kroot keeps saying im into tentacles or something. i dunno i just like illaoi", | ||
"type": "background", | ||
"price": 2100, | ||
"resourceUrl": "https://storage.amateurs.team/uploads/f1814ff221910bc65627c26869ed95332820ff7967b351b6cc48ccd22589cedc/Illaoi_0.jpg", | ||
"resourceName": null | ||
} | ||
}, | ||
"chips": 3914, | ||
"allowedDivisions": ["open", "hs", "ms"] | ||
} | ||
} |
112 changes: 112 additions & 0 deletions
112
src/content/writeups/amateursctf/2024/misc/bears-flagcord.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
--- | ||
title: "bears-flagcord" | ||
description: "We're building the next generation flag sharing social media inside discord! Join us for the fun flag sharing activity, well uhm actually I might need to finish testing my code. Use code 'flag' to get instant access to the flag!" | ||
points: 472 | ||
solves: 7 | ||
author: Jozef Steinhübl | ||
date: April 10 2024 | ||
--- | ||
|
||
## Introduction | ||
|
||
![task](https://raw.githubusercontent.com/GerlachSnezka/amateursctf/main/assets/2024-misc-bears-flagcord.png) | ||
|
||
In this challenge, we got a link to a discord bot that we can use to invite it to our server. The main issue is that after trying to invite the bot, we get an error saying that the integration is private. | ||
|
||
![integration private](https://raw.githubusercontent.com/GerlachSnezka/amateursctf/main/assets/2024-misc-bears-flagcord-integration-private.png) | ||
|
||
## Investigation | ||
|
||
After reading the challenge description again, there's a very important keyword *sharing activity*. This probably means that the app is not a bot, but a [discord activity](https://discord.com/developers/docs/activities/overview) instead. It's a new concept that has been released recently, and it allows developers to create custom voice activities. Don't be fooled by the URL. | ||
|
||
## Solution | ||
|
||
As a [discord dataminer](https://github.com/xhyrom/discord-datamining), my first idea was to fetch the application details using the api because I also missed the description of the challenge. I used the following command to get the application details: | ||
|
||
```bash | ||
curl 'https://canary.discord.com/api/v9/applications/1223421353907064913/public' \ | ||
-H 'authorization: <YOURDISCORDTOKEN_DONT_SHARE_WITH_ANYONE>' \ | ||
-H 'content-type: application/json' \ | ||
--compressed | jq | ||
``` | ||
|
||
And we got the following response: | ||
|
||
```json | ||
{ | ||
"id": "1223421353907064913", | ||
"name": "Bear Flag Social", | ||
"icon": null, | ||
"description": "", | ||
"summary": "", | ||
"type": null, | ||
"is_monetized": false, | ||
"bot": { | ||
"id": "1223421353907064913", | ||
"username": "Bear Flag Social", | ||
"global_name": null, | ||
"avatar": null, | ||
"avatar_decoration_data": null, | ||
"discriminator": "7585", | ||
"public_flags": 0, | ||
"clan": null, | ||
"bot": true, | ||
"banner": null, | ||
"banner_color": null, | ||
"accent_color": null | ||
}, | ||
"hook": true, | ||
"bot_public": false, | ||
"bot_require_code_grant": false, | ||
"integration_types_config": { | ||
"0": {} | ||
}, | ||
"verify_key": "f4ba444d9452d7ed75241c52238e37a1a42594d1e3863b7025f553299c9b2fe6", | ||
"flags": 131072, | ||
"max_participants": null, | ||
"embedded_activity_config": { | ||
"activity_preview_video_asset_id": null, | ||
"supported_platforms": [ | ||
"web" | ||
], | ||
"default_orientation_lock_state": 1, | ||
"tablet_default_orientation_lock_state": 1, | ||
"requires_age_gate": false, | ||
"premium_tier_requirement": null, | ||
"free_period_starts_at": null, | ||
"free_period_ends_at": null, | ||
"client_platform_config": { | ||
"web": { | ||
"label_type": 0, | ||
"label_until": null, | ||
"release_phase": "in_development" | ||
}, | ||
"ios": { | ||
"label_type": 0, | ||
"label_until": null, | ||
"release_phase": "in_development" | ||
}, | ||
"android": { | ||
"label_type": 0, | ||
"label_until": null, | ||
"release_phase": "in_development" | ||
} | ||
}, | ||
"shelf_rank": 2147483647, | ||
"has_csp_exception": false, | ||
"displays_advertisements": false | ||
} | ||
} | ||
``` | ||
|
||
That means we're right, the application is a [discord activity](https://discord.com/developers/docs/activities/overview). Each discord activity can be accessed using `<CLIENTID>.discordsays.com` and the client id is `1223421353907064913`. So we can access the activity using the following link: [https://1223421353907064913.discordsays.com](https://1223421353907064913.discordsays.com). | ||
|
||
![web](https://raw.githubusercontent.com/GerlachSnezka/amateursctf/main/assets/2024-misc-bears-flagcord-web.png) | ||
|
||
We can just put the code `flag` in the input field as the description says and we get the flag. | ||
|
||
``` | ||
amateursCTF{p0v_ac3ss_c0ntr0l_bypass_afd6e94d} | ||
``` | ||
|
||
This challenge was actually from the latest new feature, so I'm glad that `smashmaster` decided to create a challenge about it. I hope you enjoyed it as much as I did. See you in the next one! |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "sanity-check" | ||
description: "wow sanity check go join the discord." | ||
points: 57 | ||
solves: 823 | ||
author: nobody | ||
--- | ||
|
||
yeh' sanity-check.... it was hard lol |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "survey" | ||
description: "[survey](https://forms.gle/yhv7NoHnkzFPwJbm8)" | ||
points: 1 | ||
solves: 174 | ||
author: nobody | ||
--- | ||
|
||
yeh' survey.... it was hard lol |
9 changes: 9 additions & 0 deletions
9
src/content/writeups/amateursctf/2024/osint/bathroom-break.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "bathroom-break" | ||
description: "I was on an in-state skiing trip with my family when we decided to go out and see some sights. I remember needing to go to the bathroom near where these pictures were taken and then leaving a review. Can you find this review for me?" | ||
points: 157 | ||
solves: 357 | ||
author: nobody | ||
--- | ||
|
||
yeh' bathroom-break.... it was hard lol |
9 changes: 9 additions & 0 deletions
9
src/content/writeups/amateursctf/2024/osint/cherry-blossoms.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "cherry-blossoms" | ||
description: "average southern californian reacts to DC weather. amazing scenery though at the time." | ||
points: 200 | ||
solves: 245 | ||
author: nobody | ||
--- | ||
|
||
yeh' cherry-blossoms.... it was hard lol |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "agile-rut" | ||
description: "check out this cool font i made!" | ||
points: 175 | ||
solves: 305 | ||
author: nobody | ||
--- | ||
|
||
yeh' agile-rut.... it was hard lol |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "denied" | ||
description: "what options do i have?" | ||
points: 54 | ||
solves: 849 | ||
author: nobody | ||
--- | ||
|
||
yeh' denied.... it was hard lol |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
--- | ||
title: "one-shot" | ||
description: "my friend keeps asking me to play OneShot. i haven't, but i made this cool challenge!" | ||
points: 186 | ||
solves: 276 | ||
author: nobody | ||
--- | ||
|
||
yeh' one-shot.... it was hard lol |
Oops, something went wrong.