Published on 11/03/2023 20:00 by Tim Sidie
Introduction
I recently participated in a CTF after not having attempted one for a bit. I wanted to brush up on skills related to developing secure web applications. Despite starting late and working into the early morning, I placed in the top 17% of participants, with 1232 total points. I’d like to review my work and maybe be a resource for future CTF participants.
The Challenges
I finished a number of challenges, titled thusly:
- YSON
- Nine-One-Sixteen
- Finders Keepers
- Rusty
- Jott
- Unhackable Andy
- Back the Hawks
- Repo Recon
On some I feel like I made significant progress, but I got stuck and shifted to another problem to finish as many as I could. I took the tactic I believe is suggested for students taking the SAT: if a problem is taking too much time, move on and revisit when possible.
- Quick Maths
- Color Profile
- Unhackable Andy II
YSON
YSON was a challenge using an existing library to exploit a conversion from YAML to JSON. This challenge required a specific escape sequence to, as I would put it, jailbreak out of the process and execute arbitrary commands.
Nine-One-Sixteen
Finders Keepers
Rusty
Jott
Unhackable Andy
Back the Hawks
Repo Recon
Quick Maths
Color Profile
Unhackable Andy II