2023 Quals
write-up
| Challenge |
Category |
Description |
| Sharer |
web |
XSS and CSRF with Signed Exchange (SXG) feature. |
| AMF |
web, misc |
Find an RCE gadget in Py3AMF |
2022 Quals
write-up
2023
| Name |
Category |
Description |
| Memes |
web |
imagepng + FTP PASV SSRF |
| Name |
Category |
Description |
| Genie |
Web, Crypto |
Genie.jl 0-day, Julia deserialization, Bit flipping |
| Avatar |
Web |
Redis SSRF, CRLF injection, POP chain |
| Welcome to TSJ CTF |
Web, Misc, CSC |
.DS_Store, Guessing |
2023 Final
| Name |
Category |
Description |
| WoW |
KoH |
Web-based 2D battle royale game |
2023 Quals
| Name |
Category |
Description |
| Monsieur de Paris |
Misc |
Python multiprocessing RPC (pickle) |
2022 Final
| Name |
Category |
Description |
| npy viewer |
Web |
0-day in jpickle |
| Imgura Final |
Web, A&D |
PHP A&D challenge |
2022 Quals
2021 Quals
All of my challenges in this CTF are related to Python XD
2022
| Name |
Category |
Description |
| Double AES |
Crypto |
OFB(ECB(data)), cut & paste, JSON |
| ASTJail |
Misc |
PyJail |
| TariTari |
Web |
Warmup, path traversal, command injection |
| Best Login UI |
Web |
NoSQL injection |
| Emoji DB |
Web |
SQL Server SQL injection |
| Gallery |
Web |
Upload SVG to XSS, default-src 'self' |
2021
Web | Reverse | Misc
| Name |
Category |
Keywords |
| π° Peekora π₯ |
Reverse |
Pickle Bytecode |
| ⲩβ²β²§ β²β²β²β²§β²β²κ
π΅β²π°β²β² β²£β²π°β² |
Web |
JSON injection |
| γ5/22 ιθ¦ε
¬εγ |
Web |
LFI, SQL injection, Command injection |
| XSS Me |
Web |
XSS with length limit |
| Cat Slayerα΄΅βΏα΅α΅Κ³Λ’α΅ |
Web |
Java Deserialization, Reflection |
| Cat Slayer | Cloud Edition |
Misc |
Pickle, ECB Cut&Paste |
| Cat Slayer | Online Edition |
Misc |
Game, Python Sandbox |