new

Author: octo-kumo

2021-appventure-ctf/pwn/Printwriter 1.md

@@ -1,4 +1,11 @@
 ---
+ai_date: '2025-04-27 05:10:12'
+ai_summary: Format string attack exploited to gain remote shell by replacing '/bin/ls'
+  with '/bin/sh'
+ai_tags:
+- fmt-str
+- rop
+- shell
 created: 2021-12-21T23:50
 updated: 2024-06-10T23:38
 ---
@@ -129,4 +136,4 @@ Flag obtained
 > cd w
 > cat README.txt
 > Hello, I was here ;) ZY
-> ```
+> ```

2021-appventure-ctf/web/AppVenture Login Part 0.md

@@ -1,4 +1,10 @@
 ---
+ai_date: '2025-04-27 05:10:15'
+ai_summary: Flag found in robots.txt disallowed path pointing to source code
+ai_tags:
+- robots.txt
+- src-code
+- 信息披露
 created: 2021-12-21T23:50
 updated: 2024-06-10T23:38
 ---
@@ -30,4 +36,4 @@ flag0 = "flag{you_can_use_automated_tools_like_nikto_to_do_this}"
 ...
 ```
 
-Flag obtained
+Flag obtained

2021-appventure-ctf/web/AppVenture Login Part 1.md

@@ -1,4 +1,9 @@
 ---
+ai_date: '2025-04-27 05:10:19'
+ai_summary: SQL injection vulnerability due to unescaped user input in a query
+ai_tags:
+- sql
+- injection
 created: 2021-12-21T23:50
 updated: 2024-06-10T23:41
 ---
@@ -38,4 +43,4 @@ Everything behind `--` is ignored and we successfully log in as admin
 flag{you_can_pass_cs6131_now}
 ```
 
-Flag obtained
+Flag obtained

2021-appventure-ctf/web/AppVenture Login Part 2.md

@@ -1,4 +1,11 @@
 ---
+ai_date: '2025-04-27 05:10:26'
+ai_summary: Script bruteforces password by checking characters one at a time using
+  SQL substring.
+ai_tags:
+- sql
+- brute-force
+- sub-string
 created: 2021-12-21T23:50
 updated: 2024-06-10T23:38
 ---
@@ -81,4 +88,4 @@ flag{oops_looks_like_youre_not_blind}
 flag{oops_looks_like_youre_not_blind}
 ```
 
-Flag obtained
+Flag obtained

2021-appventure-ctf/web/Espace 0.md

@@ -1,4 +1,11 @@
 ---
+ai_date: '2025-04-27 05:10:32'
+ai_summary: Exploited YAML deserialization vulnerability (RCE) in PyYAML 5.3.1 for
+  remote code execution, using a crafted payload.
+ai_tags:
+- yaml
+- rce
+- deserialization
 created: 2021-12-21T23:50
 updated: 2024-06-21T21:29
 ---
@@ -63,4 +70,4 @@ And after checking webhook.site for the recieved curl request
 flag{yet_another_mal-coded_library}
 ```
 
-Flag obtained
+Flag obtained

2021-appventure-ctf/web/Super Secure Trustable Implementation.md

@@ -1,4 +1,11 @@
 ---
+ai_date: '2025-04-27 05:10:37'
+ai_summary: Bypassed server-side filtering using template string manipulation and
+  __import__ to execute system command
+ai_tags:
+- xss
+- template-string
+- exploitation
 created: 2021-12-21T23:50
 updated: 2024-06-21T21:30
 ---
@@ -129,4 +136,4 @@ And after checking webhook.site
 flag{server_side_rendering_is_fun_but_dangerous_sometimes}
 ```
 
-Flag obtained
+Flag obtained

2022-CDDC/crypto/PaddingOracle/index.md

@@ -1,4 +1,11 @@
 ---
+ai_date: '2025-04-27 05:10:43'
+ai_summary: Base64-encoded flag input required, likely involving a simple bruteforce
+  or input validation bypass.
+ai_tags:
+- base64
+- brute
+- input-validation
 created: 2024-06-11T01:17
 updated: 2024-07-07T23:08
 ---
@@ -36,4 +43,4 @@ $ echo '{flag}' | base64
 $ nc 18.141.181.118 8573
 Please give me base64 string:e2ZsYWd9Cg==
 WYhjrL0sqxSFjvdpzshoA+jPAVLqQj4HHywVKCJdNFyNoYHgCyMjwCsw1mTi0Gbc
-```
+```

2022-CDDC/crypto/Vigenere/index.md

@@ -1,4 +1,10 @@
 ---
+ai_date: '2025-04-27 05:10:45'
+ai_summary: Vigenere cipher decryption challenge with key 'key'
+ai_tags:
+- vigenere
+- cipher
+- decryption
 created: 2024-06-11T01:17
 updated: 2024-07-07T23:09
 ---
@@ -23,4 +29,4 @@ do you know about the vigenere password? if you want to get a flag, you need to
 
 ```flag
 CDDC22{v3ry_simple_4nd_34sy_crypt0_ch4llenge}
-```
+```

2022-CDDC/forensics/CopynPaste/index.md

@@ -1,7 +1,13 @@
 ---
+ai_date: '2025-04-27 05:10:50'
+ai_summary: SVG animation reveals base64-encoded PNG flag after parsing and decoding
+ai_tags:
+- svg
+- base64-decode
+- png
 created: 2024-06-11T01:17
-updated: 2024-07-07T23:08
 title: Copy & Paste
+updated: 2024-07-07T23:08
 ---
 
 The svg is an animation of a terminal window it seems, well a bit of digging and we find this
@@ -43,4 +49,4 @@ It is an PNG image, adding the extension gives us
 
 ```flag
 CDDC22{S4V4G3_LOVE}
-```
+```

2022-CDDC/forensics/Salad/index.md

@@ -1,4 +1,11 @@
 ---
+ai_date: '2025-04-27 05:10:55'
+ai_summary: Found hidden data in image by converting to QR code and decoding binary
+  data
+ai_tags:
+- qr
+- binary-representation
+- steganography
 created: 2024-06-11T01:17
 updated: 2024-07-07T23:08
 ---
@@ -65,4 +72,4 @@ print(''.join([chr(ord(i) - 3) if i != "{" and i != "}" and i != "_" else i for
 RkdHRjU1ezhkT2RnOF9EdTZfajMzZ183X2s2ZG93a30=
 b'FGGF55{8dOdg8_Du6_j33g_7_k6dowk}'
 CDDC22{5aLad5_Ar3_g00d_4_h3alth}
-```
+```