Blacklist

Challenge description: you can run anything on this! please dont hack me

Source code:

    blacklist = "._0x/|?*[]{}<>\"'=()\\\t "
    blacklist2 = ['eval', 'exec', 'compile', 'import', 'os', 'sys', 'cat', 'ls', 'exit', 'list', 'max', 'min', 'set', 'tuple']

    def validate(code):
        for char in blacklist:
            if char in str(code):
                return False
        for word in blacklist2:
            if word in str(code):
                return False
        return True

    if __name__ == '__main__':
        print("------------------------------")
        print("Welcome to my very cool python interpreter! \nI hope I blacklisted enough... \nYou can never be too careful with these things...")
        print("Send an empty line to run!")
        print("------------------------------")
        safe_code = ""
        while (True):
            unsafe_code = input(">>> ")
            if (unsafe_code == ""):
                try:
                    exec(safe_code)
                except:
                    print("Error executing!")
                break
            unsafe_code = unsafe_code.replace("open", "")
            unsafe_code = unsafe_code.replace("print", "")
            if (not validate(unsafe_code)):
                print("Invalid code!")
                continue
            safe_code += str(unsafe_code)+ "\n"

First analysis: In this challenge we had to read the flag.txt file. The script let us upload Python code through the while loop, blacklisting a number of characters. Most notably: ...

March 20, 2023 · 3 min · Lombax

Crapto

Challenge description: I touched my keyfob for free bubblegum and they stole my flag :(
Files: keyfob.trace
What's going on? We have keyfob.trace, which is a log file. First, we saw an RFID challenge tag, and we understood what was going on: RFID (radio frequency identification) is a form of wireless communication that uses electromagnetic or electrostatic coupling in the radio frequency portion of the electromagnetic spectrum to uniquely identify an object, animal or person. ...

April 20, 2022 · 2 min · Karina

Grammar Nazi

Challenge description: The flag is in format dctf{7_4_2_3_7_4} where numbers represent number of characters between underscores. For clarification: you will get the whole flag as a result, including the dctf{} part.
Files: cfg.zip
What's going on? We have cfg.zip, which contains 2134 folders. An example of the structure is shown below. [Image: example of the folder structure] Some folders contain only subfolders. Subfolder names are not random: each subfolder has the same name as a folder from the upper layer. Some folders contain only <letter>.txt files. Some folders contain both txt files and subfolders. Among the challenge tags, we saw context-free-grammar. To make the solution easier to follow, we briefly introduce what a context-free grammar is. ...

April 18, 2022 · 4 min · Karina

mc_joinin

Challenge Information: category: misc, points: 273
Description: Hurry up and join in the game. We're waiting for you. http://134.175.230.10/ (cn) http://222.85.25.41/ (cn) http://144.202.79.93/ (us) http://80.240.24.78/ (de) http://45.77.253.164/ (sg)
Hint: mc_joinin's flag is: De1CTF{md5(flag)}
Writeup Author: aandryyy, fuomag9, Fabbrei, rickycraft
Solution: By looking at the IP given we realized it was a Minecraft challenge. We1c0me t0 De1Ta He4dl3ss M1neCrAft Te2t SeRv3r Minecraft 20.20 is developed by De1ta Team based on 1.12 Headless Client isn't necessary. ...

2 min · aandryyy, fuomag9, Fabbrei, rickycraft