SQL Injection on rainbowpigeon

TISC 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Mon, 22 Nov 2021 00:51:06 +0800

I could have been 5th place but unfortunately I did not officially qualify to be a real participant in this event. Still had a good time though, notwithstanding the fact that there was so much ‘steganography’ and quite a bit of guesswork at certain points :)

Details	Links
Official Event Information Page	https://www.csit.gov.sg/tisc/tisc-home
Official Event Landing Page	https://www.tisc.csit-events.sg/
Official Event Summary	https://www.csit.gov.sg/tisc/tisc-2021-summary

STANDCON CTF 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Sun, 25 Jul 2021 12:00:06 +0900

Good job to my team for obtaining 7th place! And also thanks to the challenge creators and organizers of course :)
🎵 Nicky Romero & MARF ft. Wulf - Okay🎵

BrainHack CDDC 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Fri, 25 Jun 2021 12:00:06 +0900

I joined the Junior Category this year and I’ll be frank: this was quite badly organized. It seems that they did not conduct any proper dry runs of the event. They had broken challenges (missing crucial challenge information, missing code in files, non-functional websites) and the worst thing is that they do not even announce when they are aware of the problem, when they are working on rectifying it, and when they have fixed it. Instead, we were left to figure out ourselves that a particular challenge file had been silently changed, or a vital piece of information was quietly added into some challenge description.
There were also insufficent challenges (or they were of inadequate difficulty) to cover the duration of the event, which rendered their plan and timing of staggered challenge releases meaningless. Many hours before each challenge-release checkpoint, the top teams were already tied by their scores and idling. This means that the final winner would essentially be based only on the last challenge-release – which was a Web mission comprising 3 challenges. But because the final Web challenge was inoperative, the top teams basically came to a tie again while waiting for the challenge to be fixed after solving the other 2. Initially, no one knew it was broken so we did not even know what payloads we sent were supposed to work. And when they said it was supposedly fixed, it wasn’t. Isn’t that disorienting?
Some more side points to note is that they delayed the winners announcement livestream 3 times for a total of 6 hours, and the live scoreboard was alphabetically sorted rather than based on time in the event that scores were tied.
Honestly, what’s even scarier is that I heard the Senior Category had even more serious issues, such as being only able to login a day after the competition started…

Anyway, big shoutout to my team for trying their best to find time to work on this together! We came in 3rd and that’s satisfactory.
🎵 Haywood - Backbeat was a really good tune that I put on for this CTF :)

NorzhCTF 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Mon, 24 May 2021 12:00:06 +0900

Very unique CTF! Alongside challenges that got you to work with provided files, there was an OSCP-virtual-labs-style network with both external-facing and internal developer and admin subnets. Network reconnaissance and pivoting had to be performed. Unfortunately, I solved little challenges as I only started seriously on the second day :) The delays and infrastructure issues doused the flames of my enthusiasm…

Details	Links
CTFtime.org Event Page	https://ctftime.org/event/1301

UMDCTF 2021 Writeups

rainbowpigeon.helge[AT]8alias.com (rainbowpigeon) — Tue, 27 Apr 2021 12:00:06 +0900

I appreciate the organizers for putting this CTF together because I enjoyed it a lot. It was at a very appropriate difficulty level for novices. Many thanks to my teammates for helping out. Even though it was only basically 2 active players 🙂, we managed to get 8th place, which I am pretty satisfied with considering our little experience.
🎵 For this CTF I was listening to Kygo - Gone Are The Days ft. James Gillespie!

Details	Links
CTFtime.org Event Page	https://ctftime.org/event/1288
Publicly-released challenges	https://github.com/UMD-CSEC/UMDCTF-2021-Public-Challenges