aboutsummaryrefslogtreecommitdiff
path: root/posts
diff options
context:
space:
mode:
Diffstat (limited to 'posts')
-rw-r--r--posts/redpwn2021.md88
1 files changed, 50 insertions, 38 deletions
diff --git a/posts/redpwn2021.md b/posts/redpwn2021.md
index aaf29d0..9ac8e29 100644
--- a/posts/redpwn2021.md
+++ b/posts/redpwn2021.md
@@ -665,18 +665,22 @@ remaining possibilities until it got longer output from the program, but
laziness took over and I decided that spending 45 minutes doing very dull work
was more worth it instead.
-### Willem's part in the CTF
+## Willem's part in the CTF
Hi, Willem here.
+
In this part I will talk about my experience during the CTF and The
collaboration between me and Loek.
-This was also my first CTF, just like Loek, because of this was quite
-uncertain about my skill level. For example, I have no experience using Linux
-systems, but from what I learned before the CTF it is quite essential. My fear of
-not being able to do any off the challenge disappear quickly after we had completely
-the beginner challenges.
-With a simple sql injection I got my first real flag.
+### web/orm-bad
+
+This was also my first CTF, just like Loek, because of this was quite uncertain
+about my skill level. For example, I have no experience using Linux systems,
+but from what I learned before the CTF it is quite essential. My fear of not
+being able to do any of the challenges disappeared quickly after we had
+completed the beginner challenges. With a simple sql injection I got my first
+real flag:
+
```
username: admin';--
password:
@@ -688,55 +692,63 @@ when you're actually doing a challenge it's the last thing you think about.
So, we didn't really know who was doing which challenge, but because we're a
team of two this wasn't a big problem.
-The most challenge were a bit to hard for me. Some I would get pretty far, but needed
-Loek's help to solve it. Others I didn't even attempt to begin on.
+The most challenge were a bit to hard for me. Some I would get pretty far, but
+needed Loek's help to solve it. Others I didn't even attempt to begin on.
+
+### misc/the-substitution-game
+
+One challenge I spend a lot of time on was __The substitution game__. In the
+substitution game you had to substitute certain parts of the input string to
+get the desired output string. I got to level for of 6. Level 1 and 2 to were
+really simple, but at level 3 you started to need to really understand the
+game.
-One challenge I spend a lot of time on was __The substitution game__.
-In the substitution game you had to substitute certain parts of the input string
-to get the desired output string. I got to level for of 6.
-level 1 and 2 to were really simple, but at level 3 you started to need to
-really understand the game.
```
level 3:
initial: aaaaaaaaaaaaaa (the amount of a's varied)
target: a
```
-The solution is really simple, but it's pretty hard to get to it.
-You want to remove 'a's so I started with ```a => ``` , this turn all 'a's
-to None and left you with an empty string. The problem is you can't substitute anything in
-an empty string. The solution was ```aa => a```, this removed an 'a' every time
-the initial string got checked. To get this solution you had to realize,
-that the program would always substitute the first instance it would come
-across, and the program was set to do way more than needed substitutions.
-This would come handy in the next level.
+
+The solution is really simple, but it's pretty hard to get to it. You want to
+remove 'a's so I started with `a => `, this turn all 'a's to None and left you
+with an empty string. The problem is you can't substitute anything in an empty
+string. The solution was `aa => a`, this removed an 'a' every time the initial
+string got checked. To get this solution you had to realize, that the program
+would always substitute the first instance it would come across, and the
+program was set to do way more than needed substitutions. This would come handy
+in the next level.
+
```
level 4:
initial: ggggggggggg (the amount of g's varied)
target: ginkoid
```
+
After completing level 3 this level looks very easy, just substitute the g's
-like before ```gg => g``` and turn the last g into ginkoid ```g => ginkoid```
-, but this didn't work because of the way the program worked, after getting to a
+like before `gg => g` and turn the last g into ginkoid `g => ginkoid` , but
+this didn't work because of the way the program worked, after getting to a
valid solution I didn't stop and the single g in ginkoid would also change to
-ginkoid. You would get infinite ginkoid.
-The solution was:
-```gg => ginkoid; ginkoidginkoid => ginkoid; ginkoidg => ginkoid```
+ginkoid. You would get infinite ginkoid. The solution was:
+
+```
+gg => ginkoid; ginkoidginkoid => ginkoid; ginkoidg => ginkoid
+```
+
I began with noticing you couldn't just change the g, because that would also
change the g in ginkoid. so double gg becomes ginkoid. We have to use the same
-trick as in level 3 to gain only one ginkoid ```ginkoidginkoid => ginkoid```
-because of the way we changed the single g's to ginkoid it would only work
-with an even amount of g's. In the case there was an uneven amount of g's
-we would be left with ginkoidg, so we remove it ```ginkoidg => ginkoid```.
+trick as in level 3 to gain only one ginkoid `ginkoidginkoid => ginkoid`
+because of the way we changed the single g's to ginkoid it would only work with
+an even amount of g's. In the case there was an uneven amount of g's we would
+be left with ginkoidg, so we remove it `ginkoidg => ginkoid`.
I found this challenge really enjoyable and during this challenge I noticed
-that I most enjoy the puzzle aspect of computer science, puzzling for hours
-to fix a bug and then finally finding a solution.
-
-I didn't complete many challenges and wasn't really able to help Loek, but
-I really enjoyed the CTF. It's a really fun way to test your skills and
-knowledge. In the end I'm really happy with the score we (mostly Loek) got
-and I think I’ll take part in other CTFs in the future.
+that I most enjoy the puzzle aspect of computer science, puzzling for hours to
+fix a bug and then finally finding a solution.
+I didn't complete many challenges and wasn't really able to help Loek, but I
+really enjoyed the CTF. It's a really fun way to test your skills and
+knowledge. In the end I'm really happy with the score we (mostly Loek) got and
+I think I’ll take part in other CTFs in the future.
## Epilogue