CTF Writeups

My CTF writeups! This should include most of my writeups, although I am always in the process of adding new ones.

Some things to note:

• All writeups under the year 1337 are writeups from competitions I did not participate in, and can be pretty random.

• The category, if not listed in the URL, is always the first tag of the challenge.

• You can search by challenge tag or even for a competition by clicking on the search symbol to the left.

---

1337

picoCTF
• Babygame01
  [100] <pwn/> <out-of-bounds/>
• Buffer Overflow 2
  [300] <pwn/> <buffer-overflow/> <ret-to-win/> <args-on-stack/> <gets/>
• Buffer Overflow 3
  [300] <pwn/> <buffer-overflow/> <stack-canary/> <ret-to-win/> <byte-by-byte/>
• Flag Leak
  [300] <pwn/> <format-strings/> <%p/>
• Rps
  [200] <pwn/> <strstr/>
• X Sixty What
  [200] <pwn/> <x64/> <buffer-overflow/>
• Aes Abc
  [400] <crypto/> <aes/>
• B00tl3grsa2
  [400] <crypto/> <rsa/>
• B00tl3grsa3
  [450] <crypto/> <rsa/> <multi-prime/>
• College Rowing Team
  [250] <crypto/> <rsa/> <unpadded/>
• Compress And Attack
  [130] <crypto/> <zlib/> <Salsa20/> <brute-force/>
• John Pollard
  [500] <crypto/> <rsa/> <certificate/>
• Mini Rsa (both)
  [300] <crypto/> <rsa/> <brute-force/> <small-e/>
• New Vignere
  [300] <crypto/> <vigenere/> <bits/>
• Nsa Backdoor
  [500] <crypto/> <diffie-hellman/> <rsa/> <smooth-primes/> <pollard-attack/>
• Rsa Pop Quiz
  [200] <crypto/> <rsa/>
• Scrambled Rsa
  [140] <crypto/> <rsa/> <brute-force/> <byte-by-byte/>
• Sra
  [400] <crypto/> <rsa/> <factorization/> <brute-force/>
• Sum O Primes
  [400] <crypto/> <rsa/>
• Very Smooth
  [300] <crypto/> <rsa/> <smooth-primes/> <pollard-attack/>
• Waves Over Lambda
  [300] <crypto/> <monoalphabetic-substitution/>
• Operation Oni
  [300] <forensics/> <disk/> <permissions/>
• Operation Orchid
  [400] <forensics/> <disk/> <openssl/>
• Sidechannel
  [400] <forensics/> <side-channel/> <timing/>
• Whitepages
  [250] <forensics/> <unicode/> <binary/>
• Otp Implementation
  [300] <rev/> <otp/> <byte-by-byte/>
• Reverse Cipher
  [300] <rev/>
• Irish Name Repo 1
  [300] <web/> <sql-injection/>
• Irish Name Repo 2
  [350] <web/> <sql-injection/>
• Irish Name Repo 3
  [400] <web/> <sql-injection/> <curl/>
• Roboto Sans
  [200] <web/> <robots.txt/>
• Secrets
  [200] <web/> <curl/>

2023

1337UP LIVE CTF 2023
• Keyless
  [100] <crypto/> <rev/>
• Not So Smooth
  [408] <crypto/> <xor/> <modular-arithmetic/>
• Really Secure Apparently
  [100] <crypto/> <rsa/> <wiener/>
• Flag Checker
  [100] <rev/> <rust/> <brute-force/>
• Obfuscation
  [100] <rev/> <obfuscation/> <xor/>
• Encoding
  [50] <warmup/> <encoding/> <base32/> <base64/> <hex/> <morse/>
• Flag Extraction
  [50] <warmup/> <rar/> <zip/> <binwalk/>
• Over The Wire 1
  [50] <warmup/> <network/> <wireshark/> <ftp/>
• Over The Wire 2
  [50] <warmup/> <network/> <wireshark/> <stego/> <lsb/>

Newport Blake CTF 2023
• Gym
  [438] <algo/> <greedy/>
• 32+32=64
  [100] <crypto/> <base64/>
• Caesar Salads
  [100] <crypto/> <caesar/>
• Rivest Shamir Forgot Adleman
  [349] <crypto/> <rsa/> <broken-rsa/>
• Sbg Abw's Insanity
  [432] <crypto/> <rsa/>
• Do You Hear That
  [241] <misc/> <forensics/> <audio-forensics/>
• Not Accepted
  [365] <misc/> <codeforces/>
• Babbling About
  [401] <osint/> <babel/>
• Linkedout 1
  [352] <osint/> <hex/>
• Linkedout 3
  [420] <osint/> <hex/>
• Persona
  [261] <osint/> <wayback-machine/>
• Webcam
  [429] <osint/> <google-maps/>
• Crisscross
  [446] <rev/> <bits/>
• Itchy Scratchy
  [464] <rev/> <Scratch/> <brute-force/>
• Shifty Sands
  [476] <rev/> <maze/>
• Inspector Gadget
  [100] <web/> <inspect/>
• Secret Tunnel
  [264] <web/> <localhost/> <url-encoding/>
• Walter's Crystal Shop
  [241] <web/> <SQLi/> <sql-union/>

Hackappatoi CTF 2023
• Escape From Italy
  [310] <misc/> <py-jail/> <ruby-jail/>
• Italian Mail
  [50] <osint/> <google-maps/>
• The First Horseman
  [50] <rev/> <pyc/> <rot13/>
• The Four Horseman
  [50] <rev/> <rot13/>
• Lemons
  [50] <web/> <robots.txt/>

ping CTF 2023
• Hard Work
  [50] <crypto/> <encoding/>
• Lame Lame Loser
  [50] <crypto/> <lll/>
• Old Friend From The Past
  [50] <crypto/> <caesar/>
• Private Conversation
  [50] <crypto/> <encoding/> <obfuscation/>
• Inside Bear
  [50] <misc/> <binwalk/> <audio-forensics/> <spectrogram/>
• Imag Ine An Elf
  [170] <rev/> <lsb/>
• Noodle Nightmare
  [50] <rev/> <obfuscation/>
• Ziggarettes
  [50] <rev/>
• Path Traversal 101
  [50] <web/> <robots.txt/> <path/>
• Youtube Trailer
  [50] <web/> <curl/>

Cyber Cooperative CTF 2023
• Slots
  [250] <crypto/> <randcrack/>
• Babyhide
  [100] <forensics/> <binwalk/>
• Funding Secured
  [200] <forenics/> <lsb/> <binwalk/>
• Lost At Sea
  [100] <forensics/> <wireshark/>
• Crashme
  [100] <pwn/> <buffer-overflow/> <segfault/>
• Medbof
  [200] <pwn/> <buffer-overflow/> <ret2win/>
• Bunker
  [100] <rev/> <jar/>
• Dis
  [300] <rev/> <bytecode/>
• Easycrack
  [200] <rev/>

2024

Iris CTF 2024
• Baby Charge
  [50] <crypto/> <chacha20/> <oracle/>
• Integral Communication
  [197] <crypto/> <aes/> <aes-cbc/> <oracle/> <json/>
• Name That Song 3
  [435] <misc/> <reverse-audio-search/>
• Sir Scope
  [280] <misc/> <brute-force/>
• Wheres Skat
  [50] <network/> <osint/> <wifi/>
• Away On Vacation
  [50] <osint/> <instagram/>
• Czech Where
  [50] <osint/> <reverse-image-search/>
• Personal Breach
  [50] <osint/> <instgram/> <linkedin/> <facebook/>
• Insanity Check
  [50] <pwn/> <buffer-overflow/> <ret2win/>
• Rune Whats That
  [50] <rev/> <go/>
• The Johnsons
  [50] <rev/> <logic/>
• Whats My Password
  [50] <web/> <sqli/> <union/>

UofT CTF 2024
• Clever Thinking
  [442] <crypto/> <ecc/> <smarts-attack/>
• Piano Man
  [324] <crypto/> <rsa/>
• Repeat
  [100] <crypto/> <xor/>
• Enable Me
  [358] <forensics/> <microsoft-office/>
• Secret Message 1
  [100] <forensics/>
• Babys First Iot Flag 1
  [100] <iot/> <fcc-lookup/>
• Babys First Iot Flag 2
  [100] <iot/> <reverse-image-search/>
• Babys First Pyjail
  [100] <jail/> <pyjail/> <blacklist/>
• Out Of The Bucket
  [100] <misc/> <Google-storage/>
• Flying High
  [100] <osint/>
• Basic Overflow
  [100] <pwn/> <ret2win/> <buffer-overflow/>
• Patched Shell
  [250] <pwn/> <ret2win/> <buffer-overflow/>

Dice CTF Quals 2024
• Winter
  [116] <crypto/> <winternitz/> <signature/>
• Zshfuck
  [127] <misc/> <jail/> <zsh/>
• Dicedicegoose
  [105] <web/> <inspect/>

0xL4ugh CTF 2024
• Poison
  [280] <crypto/> <elliptic-curve/>
• Rsa Gcd
  [50] <crypto/> <rsa/> <gcd/>

Vishwa CTF 2024
• Bitbane Cryptic Chaos
  [606] <crypto/> <brute-force/>
• Intellectual Heir
  [500] <crypto/> <rsa/>
• Lets Smother The King
  [300] <crypto/> <esoteric-language/>
• Poly Fun
  [300] <crypto/>
• Tevyat Tales
  [300] <crypto/> <decoder/> <enigma/>

Wolv CTF 2024
• Crypto Two Time Pad
  [50] <beginner/> <crypto/> <otp/>
• Crypto Yors Truly
  [50] <beginner/> <crypto/> <xor/>
• Forensics Hidden Data
  [50] <beginner/> <forensics/> <strings/>
• Osint Redditor
  [50] <beginner/> <osint/>
• Pwn Babypwn
  [50] <beginner/> <pwn/> <buffer-overflow/>
• Pwn Babypwn2
  [50] <beginner/> <pwn/> <buffer-overflow/> <ret2win/> <gets/>
• Rev Babyre
  [50] <beginner/> <rev/> <strings/>
• Rev Shredded
  [50] <beginner/> <rev/> <brute-force/> <byte-by-byte/>
• Web The Gauntlet
  [50] <beginner/> <web/>
• Blocked 1
  [100] <crypto/> <aes/> <aes-cbc/> <oracle/>
• Blocked 2
  [285] <crypto/> <aes/> <oracle/> <roll-your-own/>
• Limited 1
  [100] <crypto/> <random/>
• Limited 2
  [152] <crypto/> <random/> <time/>
• Tag Series 1
  [253] <crypto/> <aes/> <aes-ecb/> <oracle/>
• Tag Series 3
  [350] <crypto/> <hash/> <sha1/> <length-extension-attack/>
• Made Sense
  [100] <misc/> <jail/> <makefile/>
• Wolphv I Reconaissance
  [100] <osint/>

Jersey CTF IV 2024
• Aces Aes
  [1000] <crypto/> <aes/> <osint/>
• Adversary
  [568] <crypto/> <rsa/>
• Attn Agents
  [50] <crypto/> <caesar/>
• Mutant Mayhem
  [997] <crypto/> <ecc/> <secp256k1/> <signature/>
• Vibrations
  [990] <forensics/> <network/> <wireshark/> <tcp/> <modbus/>
• Cyber Daddy
  [750] <osint/> <instagram/>
• The Golden Falcon And The Rugged Lands
  [1000] <osint/>

Texsaw CTF 2024
• Freaky Flags
  [50] <crypto/> <rgb/>
• Prison Italiano
  [200] <misc/> <pyjail/>
• Geo Location
  [50] <osint/>
• Sherlock
  [100] <osint/> <vigenere/>
• Ask And It Shall Be Given To You
  [250] <web/> <robots.txt/> <error/> <post/>
• Extreme Security
  [50] <web/> <headers/>
• Over 9000
  [50] <web/> <post/>

UT CTF 2024
• Beginner Anti Dcode.fr
  [100] <crypto/> <caesar/>
• Cryptordle
  [772] <crypto/> <math/>
• Numbers Go Brr 2
  [831] <crypto/> <random/> <aes/> <oracle/>
• Numbers Go Brr
  [481] <crypto/> <random/> <aes/> <oracle/>
• Rsa 256
  [100] <crypto/> <rsa/>
• Simple Signature
  [908] <crypto/> <signature/> <forgery/>
• Gibberish
  [987] <forensics/> <network/> <stenography/>
• Ccv
  [912] <misc/> <credit-cards/>

UMD CTF 2024
• Triple Des
  [484] <crypto/> <des/> <3des/> <padding-oracle/>
• Mentat Question
  [432] <pwn/> <buffer-overflow/> <gets/> <format-string/> <ret2win/> <PIE/>

squ1rrel CTF 2024
• Lazy Rsa
  [110] <crypto/> <rsa/> <factordb/>
• Partial Rsa
  [450] <crypto/> <rsa/> <coppersmith/> <stereotyped-message-attack/>
• Rsa Rsa Rsa
  [182] <crypto/> <rsa/> <hastad-broadcast-attack/>
• Squ1rrel Lottery
  [469] <crypto/>
• Squ1rrel Treasury
  [448] <crypto/> <aes/> <cbc/>