Skip to content

Latest commit

 

History

History
88 lines (75 loc) · 2.29 KB

README.md

File metadata and controls

88 lines (75 loc) · 2.29 KB

Challenges for SC5 - Spokane Cyber Cup V

Web (11)

  • Lottery:
    • Redis duplicate key caching bug
  • Regex is Evil
  • user agent:
    • Set the user agent to a special value to bypass auth
  • amazon:
    • Breaking OTP
  • Racey:
    • Race condition
  • Injection city (6):
    • Command injection
    • Argument injection
    • Code injection
    • Template injection
    • SQL injection
    • XSS

Binary (10)

  • Basic memory corruption series(5):
    • Corrupting a variable
    • Controlling the variable
    • Hijacking the control flow on function pointer
    • Hijacking the control flow on RET address
    • Shellcode - your own code
    • Reused with mods from years past: https://github.com/mdulin2/SC3/tree/master/buf_series was used in years past.
  • JavaScript ROP
  • Airline creator (4):
    • What's my seat?
    • First mod - name
    • Second mod - ticket class
    • Check yourself before you wreck yourself

Linux

  • No chars
  • Odd

Reverse Engineering (6)

  • GameBoy (gameboy) (2):
    • Hackermon Null challenge 1: strings or hex editor to read password
    • Hackermon Null challenge 2: Use emulator w/ debugger to tamper memory
  • tpm_decode (2):
    • Find the command
    • Find the secret being stored
  • Cracking:
    • Easy way out
    • A little salt

Cryptography (4)

Blockchain (3)

  • Mining - pseudo bitcoin mining
  • Blockchain apprentice - OSINT on blockchain
  • Bad key gen - brute forcing keys

OSINT

  • Hotel finding from only an image (Vanessa)
  • Google Dork
  • DNS Scavenger hunt (3):
    • MX
    • Hosting Provider
    • Domain Registration Lookup

Other Challenges (7)

  • Phreaking (4)
    • ABCD
    • Blue box (coins)
    • Red box (free calls)
    • Calling card (unused bonus challenge)
  • LLMs (chatgpt) (2):
    • Programmer Helper 3.5 (challenge 1): Bypass system prompt to make the GPT-3.5 chatbot say the forbidden word.
    • Programmer Helper 4 (challenge 2): Bypass system prompt to make the GPT-4 chatbot say the forbidden word.
  • Magician:
    • Reverse engieering and decoding some content.