2023 Quals
write-up
Challenge |
Category |
Description |
Sharer |
web |
XSS and CSRF with Signed Exchange (SXG) feature. |
AMF |
web, misc |
Find an RCE gadget in Py3AMF |
2022 Quals
write-up
2023
Name |
Category |
Description |
Memes |
web |
imagepng + FTP PASV SSRF |
Name |
Category |
Description |
Genie |
Web, Crypto |
Genie.jl 0-day, Julia deserialization, Bit flipping |
Avatar |
Web |
Redis SSRF, CRLF injection, POP chain |
Welcome to TSJ CTF |
Web, Misc, CSC |
.DS_Store, Guessing |
2023 Final
Name |
Category |
Description |
WoW |
KoH |
Web-based 2D battle royale game |
2023 Quals
Name |
Category |
Description |
Monsieur de Paris |
Misc |
Python multiprocessing RPC (pickle) |
2022 Final
Name |
Category |
Description |
npy viewer |
Web |
0-day in jpickle |
Imgura Final |
Web, A&D |
PHP A&D challenge |
2022 Quals
2021 Quals
All of my challenges in this CTF are related to Python XD
2022
Name |
Category |
Description |
Double AES |
Crypto |
OFB(ECB(data)), cut & paste, JSON |
ASTJail |
Misc |
PyJail |
TariTari |
Web |
Warmup, path traversal, command injection |
Best Login UI |
Web |
NoSQL injection |
Emoji DB |
Web |
SQL Server SQL injection |
Gallery |
Web |
Upload SVG to XSS, default-src 'self' |
2021
Web | Reverse | Misc
Name |
Category |
Keywords |
π° Peekora π₯ |
Reverse |
Pickle Bytecode |
ⲩβ²β²§ β²β²β²β²§β²β²κ
π΅β²π°β²β² β²£β²π°β² |
Web |
JSON injection |
γ5/22 ιθ¦ε
¬εγ |
Web |
LFI, SQL injection, Command injection |
XSS Me |
Web |
XSS with length limit |
Cat Slayerα΄΅βΏα΅α΅Κ³Λ’α΅ |
Web |
Java Deserialization, Reflection |
Cat Slayer | Cloud Edition |
Misc |
Pickle, ECB Cut&Paste |
Cat Slayer | Online Edition |
Misc |
Game, Python Sandbox |