RITSEC CTF 2023 Writeups

CTFTime event link: https://ctftime.org/event/1860

Writeups

BIN-PWN:
1. ret2win (Unsolved)
Crypto:
1. Either or Neither nor
2. A Fine Cipher
Forensics:
1. Red Team Activity 1 - 4
2. Web of Lies (Unsolved)
3. Missing Piece Part 1 (Unsolved)
Steganography:
1. Weird
2. turtle
Web:
Reversing:
1. Cats At Play
2. Guess the Password?
Chandi Bot:
1. Chandi Bot 1 - 6

Background

Starts: 31 March 2023, 16:00 UTC
Ends: 02 April 2023, 16:00 UTC

RITSEC CTF 2023 is a security-focused competition that features the following categories: BIN\PWN, Crypto, Reversing, Forensics, Web, Misc, and more. We welcome beginners and more advanced security friends! There will be three brackets: RIT students, other college students, and everyone else.

Categories:

BIN-PWN
Crypto
Misc
Forensics
Steganography
Web
Reversing
Chandi Bot

Overview

Solved: 22/42
Score: 3301/9362
Rank: 74/717
Overall Difficulty To Me: ★★★★☆☆☆☆☆☆

What I’ve learned in this CTF

BIN-PWN:
1. ret2win (Unsolved)
Crypto:
1. Many Time Pad XOR (Either or Neither nor)
2. Deciphering Affine Cipher (A Fine Cipher)
Forensics:
1. Analysing Post-Exploitation Activity (Red Team Activity 1 - 4)
2. Web of Lies (Unsolved)
3. Missing Piece Part 1 (Unsolved)
Steganography:
1. Viewing Image With Separate Color (Weird)
2. Viewing Animated GIF Frame By Frame (turtle)
Web:
1. OS Command Injection (Echoes)
2. Inspecting Source Pages (Rick Roll)
3. XML External Entity (XXE) Injection (X-Men Lore)
4. Insecure Deserialization In Python’s Pickle Library (Pickle Store)
5. Leaking Sensentive Information Via Telegram Bot API (Broken Bot)
Reversing:
1. Using strings To List Out All The Strings Inside A File (Cats At Play)
2. Brute Forcing SHA256 Hash With Salt (Guess the Password?)
Chandi Bot:
1. Chandi Bot 1 - 6
2. Extracting Hidden Information In An Image File (Chandi Bot)
3. Exploiting Logic Vulnerability (Chandi Bot)
4. Leaking Sensitive Information In Git Repository (Chandi Bot)