https://chw41.github.io/tags/notes/Recent content in Notes on chw㉿world:~$Hugozh-twTue, 10 Dec 2024 00:00:00 +0000https://chw41.github.io/b1og/calibre-cve-cve-2024-6782/Tue, 10 Dec 2024 00:00:00 +0000https://chw41.github.io/b1og/calibre-cve-cve-2024-6782/<h1 id="calibre-cve-cve-2024-6782"> Calibre CVE: CVE-2024-6782 </h1><h1 id="table-of-contents"> Table of Contents </h1><nav class="chw-toc"> <details open> <nav id="TableOfContents"> <ul> <li><a href="#calibre-cve-cve-2024-6782">Calibre CVE: CVE-2024-6782</a></li> <li><a href="#table-of-contents">Table of Contents</a></li> <li><a href="#info">Info</a></li> <li><a href="#cve-info">CVE Info</a></li> <li><a href="#code-review">Code Review</a> <ul> <li><a href="#srccalibredbclicmdlistpy">src/calibre/db/cli/cmd.list.py</a> <ul> <li><a href="#1-sql-fields-資料庫設定">1. SQL fields 資料庫設定</a></li> <li><a href="#2-ebook-format--path-formats--cover">2. ebook format &amp; path: <code>formats()</code> &amp; <code>cover()</code></a></li> <li><a href="#3-sort-fields-implementation-從資料庫中查書回傳json">3. sort fields: <code>implementation()</code>: 從資料庫中查書，回傳JSON</a></li> <li><a href="#4-do_list-輸出格式">4. <code>do_list()</code> 輸出格式</a></li> </ul> </li> <li><a href="#srccalibresrvcdbpy">src/calibre/srv/cdb.py</a> <ul> <li><a href="#1-cdb_run-command-module">1. cdb_run: command module</a></li> <li><a href="#2-cdb_add_book-add-book">2. cdb_add_book: Add book</a></li> <li><a href="#3-cdb_delete_book-delete-book">3. cdb_delete_book: Delete book</a></li> <li><a href="#4-cdb_set_cover-set-cover">4. cdb_set_cover: Set cover</a></li> <li><a href="#5-cdb_set_fields-編輯書籍">5. cdb_set_fields 編輯書籍</a></li> <li><a href="#6-cdb_copy_to_library">6. cdb_copy_to_library</a></li> </ul> </li> </ul> </li> <li><a href="#vulnerability-details">Vulnerability Details</a> <ul> <li><a href="#1-srccalibresrvcdbpy-載入-module">1. src/calibre/srv/cdb.py 載入 module</a></li> <li><a href="#2-偽造-template-輸入">2. 偽造 template 輸入</a></li> <li><a href="#3-evaluate執行前綴">3. evaluate()執行前綴</a></li> </ul> </li> <li><a href="#proof-of-concept-ref-starlabs">Proof-of-Concept (Ref: starlabs)</a></li> <li><a href="#patch">Patch</a></li> </ul> </nav> </details> </nav><p>[TOC]</p>https://chw41.github.io/b1og/ais3-pre-exam-ctf-2024-writeup/Thu, 25 Jul 2024 00:00:00 +0000https://chw41.github.io/b1og/ais3-pre-exam-ctf-2024-writeup/<h1 id="ais3-pre-exam-ctf-2024-writeup"> AIS3 Pre-exam CTF 2024 writeup </h1><h1 id="table-of-contents"> Table of Contents </h1><nav class="chw-toc"> <details open> <nav id="TableOfContents"> <ul> <li><a href="#ais3-pre-exam-ctf-2024-writeup">AIS3 Pre-exam CTF 2024 writeup</a></li> <li><a href="#table-of-contents">Table of Contents</a></li> <li><a href="#misc">Misc</a> <ul> <li><a href="#welcome">Welcome</a> <ul> <li><a href="#welcome-solution">Welcome Solution</a></li> <li><a href="#get-flag">Get FLAG</a></li> </ul> </li> <li><a href="#three-dimensional-secret">Three Dimensional Secret</a> <ul> <li><a href="#three-dimensional-secret-solution">Three Dimensional Secret Solution</a></li> <li><a href="#get-flag-1">Get FLAG</a></li> </ul> </li> <li><a href="#quantum-nim-heist">Quantum Nim Heist</a> <ul> <li><a href="#quantum-nim-heist-solution">Quantum Nim Heist Solution</a></li> <li><a href="#get-flag-2">Get FLAG</a></li> </ul> </li> <li><a href="#emoji-console">Emoji Console</a> <ul> <li><a href="#emoji-console-solution">Emoji Console Solution</a></li> <li><a href="#get-flag-3">Get FLAG</a></li> </ul> </li> </ul> </li> <li><a href="#web">Web</a> <ul> <li><a href="#evil-calculator">Evil Calculator</a> <ul> <li><a href="#evil-calculator-solution">Evil Calculator Solution</a></li> <li><a href="#get-flag-4">Get FLAG</a></li> </ul> </li> <li><a href="#its-mygo">It's MyGO!!!!!</a> <ul> <li><a href="#its-mygo-solution">It's MyGO!!!!! Solution</a></li> <li><a href="#get-flag-5">Get FLAG</a></li> </ul> </li> <li><a href="#ebook-parser">Ebook Parser</a> <ul> <li><a href="#ebook-parser-solution">Ebook Parser Solution</a></li> <li><a href="#get-flag-6">Get FLAG</a></li> </ul> </li> </ul> </li> <li><a href="#crypto">Crypto</a> <ul> <li><a href="#babyrsa">babyRSA</a> <ul> <li><a href="#babyrsa-solution">babyRSA Solution</a></li> <li><a href="#get-flag-7">Get FLAG</a></li> </ul> </li> </ul> </li> <li><a href="#reverse">Reverse</a> <ul> <li><a href="#the-long-print">The Long Print</a> <ul> <li><a href="#the-long-print-solution">The Long Print Solution</a></li> <li><a href="#get-flag-8">Get FLAG</a></li> </ul> </li> </ul> </li> <li><a href="#final">FINAL</a> <ul> <li> <ul> <li></li> </ul> </li> </ul> </li> </ul> </nav> </details> </nav><p>[TOC]</p>https://chw41.github.io/b1og/picoctf-caas-writeup--patch/Tue, 25 Jun 2024 00:00:00 +0000https://chw41.github.io/b1og/picoctf-caas-writeup--patch/<h1 id="picoctf-caas-writeup--patch"> picoCTF: caas Writeup &amp; Patch </h1><h2 id="table-of-contents"> Table of Contents </h2><nav class="chw-toc"> <details open> <nav id="TableOfContents"> <ul> <li><a href="#picoctf-caas-writeup--patch">picoCTF: caas Writeup &amp; Patch</a> <ul> <li><a href="#table-of-contents">Table of Contents</a></li> <li><a href="#topic">Topic</a> <ul> <li><a href="#lab">Lab</a></li> <li><a href="#initial-enumeration">Initial Enumeration</a></li> </ul> </li> <li><a href="#solution">Solution</a> <ul> <li><a href="#1-attempt">1. Attempt</a></li> <li><a href="#2-code-review">2. Code Review</a></li> <li><a href="#3-command-injection">3. Command Injection</a></li> <li><a href="#4-get-flag">4. Get Flag</a></li> </ul> </li> <li><a href="#vulnerability-causes">Vulnerability causes</a></li> <li><a href="#patch">Patch</a> <ul> <li></li> </ul> </li> </ul> </li> </ul> </nav> </details> </nav><p>[TOC]</p> <h2 id="topic"> Topic </h2><h3 id="lab"> Lab </h3><h4 id="picoctf"> picoCTF: </h4><p><a href="https://play.picoctf.org/practice/challenge/202?category=1&amp;page=1&amp;search=caas">https://play.picoctf.org/practice/challenge/202?category=1&page=1&search=caas</a></p> <h3 id="initial-enumeration"> Initial Enumeration </h3><p>●Start Machine: <br> <a href="https://caas.mars.picoctf.net/">https://caas.mars.picoctf.net/</a> <br> <img src="https://hackmd.io/_uploads/Hkeunxd8R.png" alt="image"></p> <h2 id="solution"> Solution </h2><h3 id="1-attempt"> 1. Attempt </h3><pre tabindex="0"><code>https://caas.mars.picoctf.net/cowsay/chw </code></pre><p><img src="https://hackmd.io/_uploads/HycdAxu8R.png" alt="image"></p> <h3 id="2-code-review"> 2. Code Review </h3><p>index.js</p> <pre tabindex="0"><code class="language-javascript=" data-lang="javascript=">const express = require(&#39;express&#39;); const app = express(); const { exec } = require(&#39;child_process&#39;); app.use(express.static(&#39;public&#39;)); app.get(&#39;/cowsay/:message&#39;, (req, res) =&gt; { exec(`/usr/games/cowsay ${req.params.message}`, {timeout: 5000}, (error, stdout) =&gt; { if (error) return res.status(500).end(); res.type(&#39;txt&#39;).send(stdout).end(); }); }); app.listen(3000, () =&gt; { console.log(&#39;listening&#39;); }); </code></pre><blockquote><ol> <li>express 伺服器框架</li> <li>exec 使用 child_process 執行命令</li> <li>{req.params.message} 直接丟進Shell 執行</li> <li>Err 回應 500</li> </ol> </blockquote><h3 id="3-command-injection"> 3. Command Injection </h3><blockquote><p>; 用分號閉合req.params.message，接著注入指令</p>https://chw41.github.io/b1og/cyber-apocalypse-2024-hacker-royale/Tue, 18 Jun 2024 00:00:00 +0000https://chw41.github.io/b1og/cyber-apocalypse-2024-hacker-royale/<h1 id="cyber-apocalypse-2024-hacker-royale"> Cyber Apocalypse 2024: Hacker Royale </h1><h1 id="table-of-contents"> Table of Contents </h1><nav class="chw-toc"> <details open> <nav id="TableOfContents"> <ul> <li><a href="#cyber-apocalypse-2024-hacker-royale">Cyber Apocalypse 2024: Hacker Royale</a></li> <li><a href="#table-of-contents">Table of Contents</a></li> <li><a href="#hackthebox-ctf">HackTheBox CTF</a></li> <li><a href="#misc">Misc</a> <ul> <li><a href="#character">Character</a> <ul> <li><a href="#character-solution">Character Solution</a></li> <li><a href="#get-flag">Get FLAG</a></li> </ul> </li> <li><a href="#stop-drop-and-roll">Stop Drop and Roll</a> <ul> <li><a href="#stop-drop-and-roll-solution">Stop Drop and Roll Solution</a></li> </ul> </li> </ul> </li> <li><a href="#hardware">Hardware</a> <ul> <li><a href="#maze">Maze</a> <ul> <li><a href="#maze-solution">Maze Solution</a></li> <li><a href="#get-flag-1">Get FLAG</a></li> </ul> </li> </ul> </li> <li><a href="#web">Web</a> <ul> <li><a href="#korp-terminal">KORP Terminal</a> <ul> <li><a href="#attempt">Attempt</a></li> <li><a href="#timekorp-solution">TimeKORP Solution</a></li> </ul> </li> <li><a href="#timekorp">TimeKORP</a> <ul> <li><a href="#attempt-1">Attempt</a></li> <li><a href="#code-review">Code Review</a></li> <li><a href="#timekorp-solution-1">TimeKORP Solution</a></li> <li><a href="#get-flag-2">Get FLAG</a></li> </ul> </li> <li><a href="#flag-command">Flag Command</a> <ul> <li></li> <li><a href="#code-review-js">Code review JS</a></li> <li><a href="#flag-command-solution">Flag Command Solution</a></li> </ul> </li> <li><a href="#testimonial">Testimonial</a> <ul> <li><a href="#attempt-2">Attempt</a></li> <li><a href="#code-review-1">Code Review</a></li> <li><a href="#testimonial-solution">Testimonial Solution</a></li> </ul> </li> <li><a href="#labyrinth-linguist">Labyrinth Linguist</a> <ul> <li><a href="#labyrinth-linguist-solution">Labyrinth Linguist Solution</a></li> </ul> </li> </ul> </li> <li><a href="#final">FINAL</a> <ul> <li> <ul> <li></li> </ul> </li> </ul> </li> </ul> </nav> </details> </nav><p>[TOC]</p>https://chw41.github.io/b1og/gdb--binary-exploitation/Mon, 20 May 2024 00:00:00 +0000https://chw41.github.io/b1og/gdb--binary-exploitation/<h1 id="gdb--binary-exploitation"> GDB &amp; Binary Exploitation </h1><h1 id="table-of-contents"> Table of Contents </h1><nav class="chw-toc"> <details open> <nav id="TableOfContents"> <ul> <li><a href="#gdb--binary-exploitation">GDB &amp; Binary Exploitation</a></li> <li><a href="#table-of-contents">Table of Contents</a></li> <li><a href="#gdb-gnu-debugger">GDB (GNU Debugger)</a> <ul> <li><a href="#install-gdb">Install GDB</a></li> <li><a href="#start-up-gdb">Start up GDB</a></li> <li><a href="#gdb-basic-command">GDB Basic Command</a></li> </ul> </li> <li><a href="#binary-exploitation">Binary Exploitation</a> <ul> <li><a href="#elf-executable-and-linkable-format">ELF (Executable and Linkable Format)</a></li> <li><a href="#x64">x64</a> <ul> <li><a href="#8-bytes-alignment-8位元對齊">8 bytes alignment (8位元對齊)</a></li> <li><a href="#stack-0x10-bytes-alignment-stack對齊">Stack 0x10 bytes alignment (Stack對齊)</a></li> <li><a href="#registers">Registers</a></li> <li><a href="#assembly">Assembly</a></li> <li><a href="#stack-frame">Stack Frame</a></li> </ul> </li> <li><a href="#common-vulnerabilities">Common Vulnerabilities</a></li> </ul> </li> <li><a href="#pwn">PWN</a> <ul> <li><a href="#pwn-工具和技術">pwn 工具和技術</a> <ul> <li></li> </ul> </li> </ul> </li> <li><a href="#安全程式設計-lab">安全程式設計 Lab</a> <ul> <li> <ul> <li></li> </ul> </li> </ul> </li> </ul> </nav> </details> </nav><p>[TOC]</p> <h1 id="gdb-gnu-debugger"> GDB (GNU Debugger) </h1><blockquote><p>GNU開發工具 (GNU toolchain) 是Linux作業系統、嵌入式系統 (Embedded System)、與自由及開放原始碼軟體 (Free and Open Source Software, FOSS) 社群中，最常見、使用得最廣泛的程式開發工具。GNU開發工具是由GNU計劃 (GNU Project) 中的數個程式開發工具所集合而成，可以完成編譯、組譯和連結等步驟，還有自動化設定、自動化編譯、除錯工具等功能。GNU計劃是1983年時理查史托曼 (Richard Stallman) 提出的，目的是要建立一個由自由軟體組成的作業系統。1992年時，Linux核心以GNU通用公共授權條款 (GPL) 釋出，與GNU計劃組成GNU/Linux作業系統，而成為最多人使用的自由軟體作業系統家族，GNU開發工具也成為這些系統最主要的開發工具。 Ref: <a href="https://www.cc.ntu.edu.tw/chinese/epaper/0020/20120320_2005.html">https://www.cc.ntu.edu.tw/chinese/epaper/0020/20120320_2005.html</a></p>https://chw41.github.io/b1og/conflict-ctf-writeup/Wed, 10 Apr 2024 00:00:00 +0000https://chw41.github.io/b1og/conflict-ctf-writeup/<h1 id="conflict-ctf-writeup"> Conflict CTF writeup </h1><h2 id="table-of-contents"> Table of Contents </h2><nav class="chw-toc"> <details open> <nav id="TableOfContents"> <ul> <li><a href="#conflict-ctf-writeup">Conflict CTF writeup</a> <ul> <li><a href="#table-of-contents">Table of Contents</a></li> <li><a href="#ref">Ref: https://github.com/ntut-xuan/ConflictCTF</a></li> </ul> </li> <li><a href="#topic">Topic</a> <ul> <li><a href="#scriptpy">script.py</a></li> </ul> </li> <li><a href="#solution">Solution</a> <ul> <li><a href="#slove-the-conflict">Slove the conflict</a></li> </ul> </li> <li><a href="#get-flag">Get Flag</a></li> </ul> </nav> </details> </nav><p>[TOC]</p> <h2 id="ref"> Ref: <a href="https://github.com/ntut-xuan/ConflictCTF">https://github.com/ntut-xuan/ConflictCTF</a> </h2><pre tabindex="0"><code>git clone https://github.com/ntut-xuan/ConflictCTF.git </code></pre><p><img src="https://hackmd.io/_uploads/r1Hd_4uyA.png" alt="image"></p> <pre tabindex="0"><code>git checkout master git merge origin/alice </code></pre><p><img src="https://hackmd.io/_uploads/SJ1w_V_y0.png" alt="image"></p> <pre tabindex="0"><code>git merge origin/bob // Solve the conflict. </code></pre><p><img src="https://hackmd.io/_uploads/B1EQQZ4xC.png" alt="image"></p> <h1 id="topic"> Topic </h1><h2 id="scriptpy"> script.py </h2><pre tabindex="0"><code class="language-python=" data-lang="python=">&lt;&lt;&lt;&lt;&lt;&lt;&lt; HEAD #flag_format = &#34;flag{FLAG_HERE}&#34; alice = [&#39;0x62&#39;, &#39;0x6f&#39;, &#39;0x6f&#39;, &#39;0x6c&#39;, &#39;0x72&#39;, &#39;0x6e&#39;, &#39;0x63&#39;, &#39;0x6e&#39;, &#39;0x69&#39;, &#39;0x72&#39;, &#39;0x76&#39;, &#39;0x6e&#39;, &#39;0x5f&#39;, &#39;0x75&#39;, &#39;0x65&#39;, &#39;0x75&#39;, &#39;0x73&#39;, &#39;0x5f&#39;, &#39;0x69&#39;, &#39;0x7b&#39;, &#39;0x61&#39;, &#39;0x66&#39;] bob = [] def make_the_list_into_char_list(list: list[str]) -&gt; list[str]: array = [] for i in range(len(list)): array.append(chr(int(list[i], base=16))) return array def reverse_the_list(list: list[str]) -&gt; list[str]: ======= import random # flag_format = &#34;flag{FLAG_HERE}&#34; alice = [] bob = [&#39;0x81&#39;, &#39;0x6a&#39;, &#39;0x7c&#39;, &#39;0x66&#39;, &#39;0x6f&#39;, &#39;0x7b&#39;, &#39;0x71&#39;, &#39;0x66&#39;, &#39;0x77&#39;, &#39;0x7b&#39;, &#39;0x6e&#39;, &#39;0x62&#39;, &#39;0x6b&#39;, &#39;0x6d&#39;, &#39;0x67&#39;, &#39;0x79&#39;, &#39;0x64&#39;, &#39;0x69&#39;, &#39;0x75&#39;, &#39;0x68&#39;, &#39;0x6d&#39;, &#39;0x6c&#39;] def make_the_list_into_char_list(array): return list(map(chr, [int(x, base=16) for x in array])) def reverse_the_list(list): &gt;&gt;&gt;&gt;&gt;&gt;&gt; origin/bob array = [] for i in range(len(list)): array.append(list[len(list)-1-i]) return array def decrease(list): random.seed(&#34;bob&#34;) for i in range(len(list)): list[i] = hex(int(list[i], base=16) - int(random.random() * 10)) return list def make_flag(alice_key, bob_key): for i in range(len(alice_key)): print(alice_key[i], end=&#34;&#34;) print(bob_key[i], end=&#34;&#34;) print() make_flag( make_the_list_into_char_list(reverse_the_list(alice)), make_the_list_into_char_list(reverse_the_list(decrease(bob))) &lt;&lt;&lt;&lt;&lt;&lt;&lt; HEAD ) ======= ) &gt;&gt;&gt;&gt;&gt;&gt;&gt; origin/bob </code></pre><pre tabindex="0"><code>python3 script.py </code></pre><p><img src="https://hackmd.io/_uploads/SJO9OEdyA.png" alt="image"></p>https://chw41.github.io/b1og/git-%E4%BB%8B%E7%B4%B9--%E5%B8%B8%E7%94%A8%E6%93%8D%E4%BD%9C/Wed, 10 Apr 2024 00:00:00 +0000https://chw41.github.io/b1og/git-%E4%BB%8B%E7%B4%B9--%E5%B8%B8%E7%94%A8%E6%93%8D%E4%BD%9C/<h1 id="git-介紹--常用操作"> Git 介紹 &amp; 常用操作 </h1><h1 id="table-of-contents"> Table of Contents </h1><nav class="chw-toc"> <details open> <nav id="TableOfContents"> <ul> <li><a href="#git-介紹--常用操作">Git 介紹 &amp; 常用操作</a></li> <li><a href="#table-of-contents">Table of Contents</a></li> <li><a href="#git-基本介紹">git 基本介紹</a></li> <li><a href="#install">Install</a></li> <li><a href="#config">Config</a></li> <li><a href="#git-editing-process">Git editing process</a></li> <li><a href="#completed-oneself">Completed oneself</a> <ul> <li><a href="#1-create-papertxt">1. Create paper.txt</a></li> <li><a href="#11-changes-request">1.1 Changes request</a></li> <li><a href="#2-complete-the-first-question">2. Complete the first question</a></li> <li><a href="#21-changes-request">2.1 Changes request</a></li> </ul> </li> <li><a href="#branch">Branch</a> <ul> <li><a href="#1-create--switch-branch">1. Create &amp; Switch Branch</a> <ul> <li><a href="#-create--switch-to-alice">● Create &amp; Switch to alice</a></li> <li><a href="#-create--switch-to-bob">● Create &amp; Switch to bob</a></li> </ul> </li> <li><a href="#2-branch-alice">2. Branch alice</a> <ul> <li><a href="#21-switch-to-alice">2.1 Switch to alice</a></li> <li><a href="#22-alice-editing">2.2 alice editing</a></li> <li><a href="#23-changes-request">2.3 Changes request</a></li> </ul> </li> <li><a href="#3-branch-bob">3. Branch bob</a> <ul> <li><a href="#31-switch-to-bob">3.1 Switch to bob</a></li> <li><a href="#32-bob-editing">3.2 Bob editing</a></li> <li><a href="#23-changes-request-1">2.3 Changes request</a></li> </ul> </li> </ul> </li> <li><a href="#merge">Merge</a> <ul> <li><a href="#-return-to-master-and-merge">● Return to Master and Merge</a> <ul> <li><a href="#1-merge-bob">1. Merge Bob</a></li> <li><a href="#2-merge-alice">2. Merge Alice</a></li> </ul> </li> </ul> </li> <li><a href="#connecting-to-github-ssh">Connecting to GitHub: SSH</a> <ul> <li><a href="#ssh-key">SSH key</a> <ul> <li><a href="#1-generate-ssh-key-pairs-for-secure-communication">1. Generate SSH key pairs for secure communication</a></li> <li><a href="#2-default-location-to-save-the-key-pair">2. Default location to save the key pair</a></li> </ul> </li> <li><a href="#github-settings--ssh-and-gpg-keys">Github: Settings &gt;&gt; SSH and GPG keys</a> <ul> <li><a href="#paste-the-id_rsapub">Paste the id_rsa.pub</a></li> </ul> </li> <li><a href="#verify">Verify</a></li> </ul> </li> <li><a href="#fork">fork</a> <ul> <li> <ul> <li></li> </ul> </li> </ul> </li> </ul> </nav> </details> </nav><p>[TOC]</p>https://chw41.github.io/b1og/picoctf-2024-writeup/Wed, 27 Mar 2024 00:00:00 +0000https://chw41.github.io/b1og/picoctf-2024-writeup/<h1 id="picoctf-2024-writeup"> picoCTF 2024 writeup </h1><h1 id="table-of-contents"> Table of Contents </h1><nav class="chw-toc"> <details open> <nav id="TableOfContents"> <ul> <li><a href="#picoctf-2024-writeup">picoCTF 2024 writeup</a></li> <li><a href="#table-of-contents">Table of Contents</a></li> <li><a href="#picoctf">picoCTF</a></li> <li><a href="#general-skills-10">General Skills (10)</a> <ul> <li><a href="#time-machine">Time Machine</a> <ul> <li><a href="#time-machine-solution">Time Machine Solution</a></li> <li><a href="#get-flag">Get FLAG</a></li> </ul> </li> <li><a href="#commitment-issues">Commitment Issues</a> <ul> <li><a href="#commitment-issues-solution">Commitment Issues Solution</a></li> <li><a href="#1-查看git-log">1. 查看git log</a></li> <li><a href="#21-還原git-版本">2.1 還原Git 版本</a></li> <li><a href="#22-查看git-詳細資訊">2.2 查看Git 詳細資訊</a></li> <li><a href="#get-flag-1">Get FLAG</a></li> </ul> </li> <li><a href="#binary-search">Binary Search</a> <ul> <li><a href="#binary-search-solution">Binary Search Solution</a></li> <li><a href="#get-flag-2">Get FLAG</a></li> </ul> </li> <li><a href="#dont-you-love-banners">dont-you-love-banners</a> <ul> <li><a href="#dont-you-love-banners-solution">dont-you-love-banners Solution</a></li> </ul> </li> </ul> </li> <li><a href="#web-exploitation-7">Web Exploitation (7)</a> <ul> <li><a href="#bookmarklet">Bookmarklet</a> <ul> <li><a href="#bookmarklet-solution">Bookmarklet Solution</a></li> <li><a href="#get-flag-3">GET FLAG</a></li> </ul> </li> <li><a href="#webdecode">WebDecode</a> <ul> <li><a href="#webdecode-solution">WebDecode Solution</a></li> <li><a href="#get-flag-4">GET FLAG</a></li> </ul> </li> <li><a href="#unminify">Unminify</a> <ul> <li><a href="#unminify-solution">Unminify Solution</a></li> <li><a href="#get-flag-5">GET FLAG</a></li> </ul> </li> <li><a href="#introtoburp">IntroToBurp</a> <ul> <li><a href="#introtoburp-solution">IntroToBurp Solution</a></li> <li><a href="#get-flag-6">GET FLAG</a></li> </ul> </li> <li><a href="#no-sql-injection">No Sql Injection</a> <ul> <li><a href="#no-sql-injection-solution">No Sql Injection Solution</a></li> <li><a href="#nosql-injection">NoSQL injection</a></li> <li><a href="#get-flag-7">GET FLAG</a></li> </ul> </li> <li><a href="#trickster">Trickster</a> <ul> <li><a href="#trickster-solution">Trickster Solution</a></li> <li><a href="#get-flag-8">GET FLAG</a></li> </ul> </li> <li><a href="#elements">elements</a> <ul> <li><a href="#elements-solution">elements Solution</a></li> <li><a href="#code-review">Code Review</a></li> </ul> </li> </ul> </li> <li><a href="#cryptography-5">Cryptography (5)</a> <ul> <li><a href="#interencdec">interencdec</a> <ul> <li><a href="#interencdec-solution">interencdec Solution</a></li> <li><a href="#get-flag-9">GET FLAG</a></li> </ul> </li> </ul> </li> <li><a href="#forensics-8">Forensics (8)</a> <ul> <li><a href="#scan-surprise">Scan Surprise</a> <ul> <li><a href="#scan-surprise-solution">Scan Surprise Solution</a></li> <li><a href="#get-flag-10">GET FLAG</a></li> </ul> </li> <li><a href="#verify">Verify</a> <ul> <li><a href="#verify-solution">Verify Solution</a></li> </ul> </li> <li><a href="#canyousee">CanYouSee</a></li> <li><a href="#secret-of-the-polyglot">Secret of the Polyglot</a> <ul> <li><a href="#secret-of-the-polyglot-solution">Secret of the Polyglot Solution</a></li> <li><a href="#get-flag-11">GET FLAG</a></li> </ul> </li> <li><a href="#mob-psycho">Mob psycho</a> <ul> <li><a href="#mob-psycho-solution">Mob psycho Solution</a></li> <li><a href="#get-flag-12">GET FLAG</a></li> </ul> </li> </ul> </li> <li><a href="#binary-exploitation-10">Binary Exploitation (10)</a> <ul> <li><a href="#format-string-0">format string 0</a> <ul> <li><a href="#format-string-0-solution">format string 0 Solution</a></li> <li><a href="#get-flag-13">GET FLAG</a></li> </ul> </li> <li><a href="#heap-0">heap 0</a> <ul> <li><a href="#heap-0-solution">heap 0 Solution</a></li> <li><a href="#get-flag-14">GET FLAG</a></li> </ul> </li> </ul> </li> <li><a href="#final-team-score">Final Team Score</a> <ul> <li> <ul> <li></li> </ul> </li> </ul> </li> </ul> </nav> </details> </nav><p>[TOC]</p>