Skip to content

mdulin2/SC5

Folders and files

NameName
Last commit message
Last commit date

Latest commit

af88789 · Feb 14, 2024

History

2 Commits
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024
Feb 14, 2024

Repository files navigation

Challenges for SC5 - Spokane Cyber Cup V

Web (11)

  • Lottery:
    • Redis duplicate key caching bug
  • Regex is Evil
  • user agent:
    • Set the user agent to a special value to bypass auth
  • amazon:
    • Breaking OTP
  • Racey:
    • Race condition
  • Injection city (6):
    • Command injection
    • Argument injection
    • Code injection
    • Template injection
    • SQL injection
    • XSS

Binary (10)

  • Basic memory corruption series(5):
    • Corrupting a variable
    • Controlling the variable
    • Hijacking the control flow on function pointer
    • Hijacking the control flow on RET address
    • Shellcode - your own code
    • Reused with mods from years past: https://github.com/mdulin2/SC3/tree/master/buf_series was used in years past.
  • JavaScript ROP
  • Airline creator (4):
    • What's my seat?
    • First mod - name
    • Second mod - ticket class
    • Check yourself before you wreck yourself

Linux

  • No chars
  • Odd

Reverse Engineering (6)

  • GameBoy (gameboy) (2):
    • Hackermon Null challenge 1: strings or hex editor to read password
    • Hackermon Null challenge 2: Use emulator w/ debugger to tamper memory
  • tpm_decode (2):
    • Find the command
    • Find the secret being stored
  • Cracking:
    • Easy way out
    • A little salt

Cryptography (4)

Blockchain (3)

  • Mining - pseudo bitcoin mining
  • Blockchain apprentice - OSINT on blockchain
  • Bad key gen - brute forcing keys

OSINT

  • Hotel finding from only an image (Vanessa)
  • Google Dork
  • DNS Scavenger hunt (3):
    • MX
    • Hosting Provider
    • Domain Registration Lookup

Other Challenges (7)

  • Phreaking (4)
    • ABCD
    • Blue box (coins)
    • Red box (free calls)
    • Calling card (unused bonus challenge)
  • LLMs (chatgpt) (2):
    • Programmer Helper 3.5 (challenge 1): Bypass system prompt to make the GPT-3.5 chatbot say the forbidden word.
    • Programmer Helper 4 (challenge 2): Bypass system prompt to make the GPT-4 chatbot say the forbidden word.
  • Magician:
    • Reverse engieering and decoding some content.

About

Spokane Cyber Cup challenges - year 5!

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published