xtrimi
SEO CEO

overview

i dived through the nextjs script and found nothing of importance, so i turned to basic information leaks (.htaccess, .DS_Store etc.)

we also have to take into account that the chall title mentions SEO, thus robots.txt and sitemap.xml came to mind

robots.txt does exist but was clearly a fake flag, but in sitemap.xml we see an interesting route:

    <url>
      <loc>https://www.thiswebsite.com/goofyahhroute</loc>
      <lastmod>2025-02-26</lastmod>
      <changefreq>never</changefreq>
      <priority>0.0</priority>
    </url>

going to https://seo-opal.vercel.app/goofyahhroute we see:

ok bro u da seo master gng frfr ngl no cap but do you really want the “flag”? come on blud, it’s a yes or no question yeah? ...
we got 12th! yay

prob wouldve gotten higher but the remaining chals are literally just mind reading and i cba

ill only be explaining chals i care about & all web

Web

Grandma’s Secret Recipe

we can login as 'kitchen helper' but we need to access the pantry as 'grandma'

checking our cookies we have cookies checksum and role

throwing checksum into a hash checker we know its md5, so we can just throw a md5 hash of “grandma” and edit cookie to get through ...
ill write this in like 12 hours idk

its now 1 month later

masterful procrastination

Prismatic Blogs

overview

we’re provided with two endpoints: /api/login/ and /api/posts/

the service uses a prisma database and initializes 4 users with randomized passwords

our flag is in one of the 4 users’ posts, except it isn’t published

we can’t really do much with /login/, so lets check /posts/:

    app.get(
      "/api/posts",
      async (req, res) => {
        try {
          let query = req.query;
          query.published = true;
          let posts = await prisma.post.findMany({where: query});
          res.json({success: true, posts})
        } catch (error) {
          res.json({ success: false, error });
        }
      }
    );

notice that our query is directly passed into findMany without any sanitization. can we exploit that? ...
dude i was doing ECTF prior to this and didnt see this ctf coming up literally hours after

i was wondering why i dont see big names on ECTF leaderboard but after solving i realized the reason was chals were abysmally bad there

i sacrificed a good(?) ctf for a garbage ctf ts pmo

so anyways this became a “how many chals can i solo solve in 4 hours” challenge! (it was 9)

just kidding i focused on web (some chals im too lazy to explain) ...
i hunted with Untitled CTF Game last weekend and ended up in 34th place, which was Kinda awesome

i mained web but also sniped some easy challs, which i will be yapping abt in this post

Forensics

deldeldel [50]

I managed to log more than just keys… perhaps it was too much data to capture?

we’re given klogger.pcapng that consists of numerous USB packets

given they’re keypresses from desc, i used this repo to parse the keypresses: ...
didn’t expect to get 2nd LOL

Welcome

Welcome 0x2 [100]

we’re told to score 10k on the main page’s snake game:

no way im doing that! let’s look for the source code

f12, ctrl+u and right click is blocked, but we can use view-source:https://ctf.scint.org, then ctrl+f and there’s our flag!

THJCC{Sn4ke_G4me_Mast3r}

Discord 0x2 [100]

run get_flag command using the bot…

let’s use slash commands!

mfw you can’t right click on bot messages to copy text

flag: THJCC{š© š® šø šØ ā š· š© š š š š„ š„ } ...
ik this is like 1 month ago but i was busy with working on udg2 april fools so here we are

this was the most solved chall but i spent an embarrassingly long time solving it

guess i have a massive skill issue

challenge

we’re presented with a textbox input here, which will display a message on the page when it’s submitted, along with a button that shares our message with the admin bot

the admin bot carries a flag cookie on its visit, so i figured i need to make the bot send the cookie to us somehow ...