corCTF 2023 Writeup

CTFTime event link: https://ctftime.org/event/1928

Writeups

• web:
  1. force
  2. msfrognymize
  3. frogshare
  4. youdirect (Unsolved)

Background

• Starts: 29 July 2023, 00:00 UTC
• Ends: 31 July 2023, 00:00 UTC

Organized by the Crusaders of Rust (a.k.a. Starrust Crusaders), an American and European collegiate team.

Challenge categories include pwn, rev, crypto, web, blockchain, and misc.

Categories:

• blockchain
• crypto
• misc
• pwn
• rev
• web

Overview

• Team: ARESx (Collaborating with DeadSec under ARESx)
• Team Solves: 19/41
• Individual Solves: 2/41
• Score: 3389
• Rank: 7/592
• Overall Difficulty To Me: ★★★★★★★★☆☆

What I’ve learned in this CTF

• web:
  1. Bypassing Rate Limit Via GraphQL’s Aliases (Batching Query) (force)
  2. Local File Inclusion (LFI) & Filter Bypass Via Double URL Encoding (msfrognymize)
  3. Stored XSS (Cross-Site Scripting) & CSP (Content Security Policy) Bypass (frogshare)
  4. youdirect (Unsolved)