tags

Author: octo-kumo

2021-appventure-ctf/pwn/Printwriter 1.md

@@ -1,5 +1,12 @@
 ---
+ai_date: '2025-04-27 03:56:03'
+ai_summary: Format string attack exploited to gain remote shell by replacing '/bin/ls'
+  with '/bin/sh'
 created: 2021-12-21T23:50
+tags:
+- fmt-str
+- rop
+- shell
 updated: 2024-06-10T23:38
 ---
 
@@ -129,4 +136,4 @@ Flag obtained
 > cd w
 > cat README.txt
 > Hello, I was here ;) ZY
-> ```
+> ```

2021-appventure-ctf/web/AppVenture Login Part 0.md

@@ -1,5 +1,12 @@
 ---
+ai_date: '2025-04-27 03:56:06'
+ai_summary: Flag found in robots.txt disallowed path pointing to source code containing
+  the flag
 created: 2021-12-21T23:50
+tags:
+- lfi
+- src-code
+- robots.txt
 updated: 2024-06-10T23:38
 ---
 
@@ -30,4 +37,4 @@ flag0 = "flag{you_can_use_automated_tools_like_nikto_to_do_this}"
 ...
 ```
 
-Flag obtained
+Flag obtained

2021-appventure-ctf/web/AppVenture Login Part 1.md

@@ -1,5 +1,9 @@
 ---
+ai_date: '2025-04-27 03:56:09'
+ai_summary: SQL injection vulnerability due to unescaped user input in a query
 created: 2021-12-21T23:50
+tags:
+- sqli
 updated: 2024-06-10T23:41
 ---
 
@@ -38,4 +42,4 @@ Everything behind `--` is ignored and we successfully log in as admin
 flag{you_can_pass_cs6131_now}
 ```
 
-Flag obtained
+Flag obtained

2021-appventure-ctf/web/AppVenture Login Part 2.md

@@ -1,5 +1,12 @@
 ---
+ai_date: '2025-04-27 03:56:12'
+ai_summary: Script bruteforces password by checking characters one at a time using
+  SQL substring.
 created: 2021-12-21T23:50
+tags:
+- sql
+- brute-force
+- substring
 updated: 2024-06-10T23:38
 ---
 
@@ -81,4 +88,4 @@ flag{oops_looks_like_youre_not_blind}
 flag{oops_looks_like_youre_not_blind}
 ```
 
-Flag obtained
+Flag obtained

2021-appventure-ctf/web/Espace 0.md

@@ -1,5 +1,15 @@
 ---
+ai_date: '2025-04-27 03:56:17'
+ai_summary: Exploited YAML deserialization vulnerability (RCE) in PyYAML 5.3.1 for
+  remote code execution, using a crafted payload to execute system command and retrieve
+  flag
 created: 2021-12-21T23:50
+tags:
+- remote-code-execution
+- pyyaml
+- rce
+- exploit
+- yaml
 updated: 2024-06-21T21:29
 ---
 
@@ -63,4 +73,4 @@ And after checking webhook.site for the recieved curl request
 flag{yet_another_mal-coded_library}
 ```
 
-Flag obtained
+Flag obtained

2021-appventure-ctf/web/Super Secure Trustable Implementation.md

@@ -1,5 +1,13 @@
 ---
+ai_date: '2025-04-27 03:56:21'
+ai_summary: Server-side rendering bypassed via template string manipulation and __import__
+  exploitation to execute system command.
 created: 2021-12-21T23:50
+tags:
+- xss
+- sqli
+- template-string
+- exploitation
 updated: 2024-06-21T21:30
 ---
 
@@ -129,4 +137,4 @@ And after checking webhook.site
 flag{server_side_rendering_is_fun_but_dangerous_sometimes}
 ```
 
-Flag obtained
+Flag obtained

2022-CDDC/crypto/PaddingOracle/index.md

@@ -1,5 +1,10 @@
 ---
+ai_date: '2025-04-27 03:56:24'
+ai_summary: Challenge requires sending a base64-encoded '{flag}' string to the server.
 created: 2024-06-11T01:17
+tags:
+- base64
+- rfc6462
 updated: 2024-07-07T23:08
 ---
 
@@ -36,4 +41,4 @@ $ echo '{flag}' | base64
 $ nc 18.141.181.118 8573
 Please give me base64 string:e2ZsYWd9Cg==
 WYhjrL0sqxSFjvdpzshoA+jPAVLqQj4HHywVKCJdNFyNoYHgCyMjwCsw1mTi0Gbc
-```
+```

2022-CDDC/crypto/Vigenere/index.md

@@ -1,5 +1,11 @@
 ---
+ai_date: '2025-04-27 03:56:28'
+ai_summary: Vigenere cipher decryption revealed flag
 created: 2024-06-11T01:17
+tags:
+- cipher
+- decryption
+- vigenere
 updated: 2024-07-07T23:09
 ---
 
@@ -23,4 +29,4 @@ do you know about the vigenere password? if you want to get a flag, you need to
 
 ```flag
 CDDC22{v3ry_simple_4nd_34sy_crypt0_ch4llenge}
-```
+```

2022-CDDC/forensics/CopynPaste/index.md

@@ -1,7 +1,14 @@
 ---
+ai_date: '2025-04-27 03:56:33'
+ai_summary: 'SVG animation reveals base64-encoded PNG, extracting flag: CDDC22{S4V4G3_LOVE}'
 created: 2024-06-11T01:17
-updated: 2024-07-07T23:08
+tags:
+- svg
+- base64-decode
+- flag-extraction
+- png
 title: Copy & Paste
+updated: 2024-07-07T23:08
 ---
 
 The svg is an animation of a terminal window it seems, well a bit of digging and we find this
@@ -43,4 +50,4 @@ It is an PNG image, adding the extension gives us
 
 ```flag
 CDDC22{S4V4G3_LOVE}
-```
+```

2022-CDDC/forensics/Salad/index.md

@@ -1,5 +1,13 @@
 ---
+ai_date: '2025-04-27 03:56:37'
+ai_summary: Found hidden data in image by converting to QR code and decoding binary
+  data
 created: 2024-06-11T01:17
+tags:
+- bin-repr
+- qr
+- imgf
+- steg
 updated: 2024-07-07T23:08
 ---
 
@@ -65,4 +73,4 @@ print(''.join([chr(ord(i) - 3) if i != "{" and i != "}" and i != "_" else i for
 RkdHRjU1ezhkT2RnOF9EdTZfajMzZ183X2s2ZG93a30=
 b'FGGF55{8dOdg8_Du6_j33g_7_k6dowk}'
 CDDC22{5aLad5_Ar3_g00d_4_h3alth}
-```
+```