LA CTF 2023 Writeups

CTFtime event link: https://ctftime.org/event/1732

Writeups

• Web:
  • college-tour
  • metaverse
  • uuid hell
  • my-chemical-romance
  • california-state-police (Unsolved)
• Misc:
  • CATS!
  • EBE
• Rev:
  • string-cheese
  • caterpillar
• Pwn:
  • gatekeep

Background

LA CTF is an annual Capture the Flag (CTF) cybersecurity competition hosted by ACM Cyber at UCLA & Psi Beta Rho. LA CTF is open to all skill levels of cybersecurity! Whether you are tackling your first exploit or have professional experience, there will be challenges just right for you! There will be a variety of events ranging from the competition containing jeopardy-style cybersecurity challenges to talks from UCLA professors to fun events such as typing competitions!

• Start: 11 Feb. 2023, 04:00 UTC
• End: 12 Feb. 2023, 22:00 UTC

Categories:

• Crypto
• Misc
• Pwn
• Rev
• Web

Overview

• Solved: 8 (Excluding 10 points challenges)
• Points: 1487
• Rank: 397/980
• Overall Difficulty To Me: ★★★★★★☆☆☆☆

What I’ve learned in this CTF

• Web:
  1. Information Gathering Via View Source Page (college-tour)
  2. Leveraging Stored XSS To Perform CSRF attack (metaverse)
  3. Predicting UUID Version 1 Via Known Nodes & Clock Sequence (uuid hell)
  4. Leaking Mercurial SCM Repository In An Web Application (my-chemical-romance)
  5. california-state-police (Unsolved)
• Misc:
  1. View Image Metadata Via exiftool (CATS!)
  2. Extracting Evil Bit’s Hidden Data (EBE)
• Rev:
  1. Using strings & ltrace To Extract Hidden String (string-cheese)
  2. Reversing Obfuscated JavaScript Code (caterpillar)
• Pwn:
  1. Buffer Overflow Via Dangerous gets() Function (gatekeep)