root@kairos:~
  • About Me
    • 👋$ whoami
  • CTFs
    • $ ls CTFs
      • Magnet User Summit CTF 2023
      • GreyCTF'23
      • SEETF'23
      • CDDC BrainHack 2023
      • Magnet Virtual Summit CTF 2023
  • Labs
    • $ echo "TryHackMe"
      • Basic Pentesting
      • OhSINT
      • BluePrint
    • $ echo "PortSwigger Challenges"
      • SQL Injection
Powered by GitBook
On this page
  • Crypto
  • 1. Baby Crypto
  • Misc
  • 1. CrashPython
  1. CTFs
  2. $ ls CTFs

GreyCTF'23

Grey Cat The Flag CTF

PreviousMagnet User Summit CTF 2023NextSEETF'23

Last updated 1 year ago

Background:

Grey Cat The Flag CTF, or GreyCTF is hosted by in collaboration with . I joined this CTF as a with my friends, Domi and Bowen. Altogether, we solved 6 challenges, placing us 57th place in the Singapore category and 147th place in the open category out of 454 teams.

Crypto

1. Baby Crypto

whuo{squi4h_sifx3h_v0h_co_i4b4T}

Pretty simple challenge, it is a cipher. Caesar cipher, to be exact. So I just used dcode.fr for this.

The flag was found! "grey{caes4r_csph3r_f0r_my_s4l4D}"

Misc

1. CrashPython

I didn't get the screenshot of the full page unfortunately, but the gist of it was that there was a placeholder to input python code to run to cause a crash (through segmentation fault), but the code had to fulfil the requirements of the blacklist. The blacklist included keywords that couldn't be used in the code.

Initially, I tested with a stack overflow error with infinite recursion as such:

def recursion():
    recursion()

recursion()

But it didn't work. My teammate then told me (Eureka moment...) that it didn't meet the requirements of a segmentation fault. I then looked around for solutions to cause a segmentation fault.

I ended up with this simple code:

import ctypes
def segfault():
    # Access an invalid memory location
    ctypes.string_at(0)

segfault()

And that worked!

NUS Greyhats
National Cybersecurity R&D Labs
team