CyberSci 2024

Published on Saturday, November 23, 2024

I had a great time at CyberSci this year with our completely new team out of Langara College. Despite having less than 3 months to practice, we were able to place 4th in Vancouver and 17th overall, which I am very proud of and which is a great result for a completely new CTF team with no previous experience.

Below are the problems that I attempted/solved during the competition.

When I Tested the VPN (100)

The flag is provided when you load the test page through the VPN connection.

Voter Emailer 1 (100)

FastAPI has 3 special routes that are enabled by default: /docs, /redoc, and /openapi.json. You can find all of the API's routes by accessing any of those pages.

Chatbot 1 (884)

Did not finish. It appeared that Llama was returning completely random names when asked who the current candidates were. As well, the database call for candidates needed to be changed from candidate='true' to candidate='True'.

For this and the following challenges, I used Remote-SSH with VSCode on my Windows 11 environment, which was more comfortable for me to test and debug with.

Chatbot 2 (949)

When users send a message, they send it in the form "RandomName9000 : what is my email?". There is also a session token, which is the user's username encoded in base64. Some calls would send a message with one user in the message and a completely different user in the session cookie. This can be fixed by checking for a username in the message and replacing it with the real username, which is the session token decoded from base64.
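A sketch of that fix as an added example (not the challenge's own code): the function names, the exact "name : text" pattern and the allowed username characters are assumptions made for illustration.

```python
import base64
import re

# Assumed wire format from the write-up: "<username> : <text>"
PREFIX = re.compile(r"^\s*(?P<name>[^\s:]+)\s*:\s*(?P<text>.*)$", re.DOTALL)
# Assumed username alphabet; anything else in a decoded token is rejected.
USERNAME = re.compile(r"[A-Za-z0-9_.-]+")


def username_from_session(token: str) -> str:
    """Decode the session token (base64 of the username) or raise ValueError."""
    try:
        # validate=True rejects characters outside the base64 alphabet
        name = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError as exc:  # covers binascii.Error and UnicodeDecodeError
        raise ValueError("malformed session token") from exc
    if not USERNAME.fullmatch(name):
        raise ValueError("empty or unexpected username in session token")
    return name


def bind_message_to_session(message: str, token: str) -> tuple[str, bool]:
    """Rewrite the message so its username prefix is the session's username.

    Returns (rewritten_message, mismatch), where mismatch is True when the
    message claimed a different user than the session cookie.
    """
    real = username_from_session(token)
    m = PREFIX.match(message)
    if m is None:
        # No "name :" prefix at all: attach the session's username.
        return f"{real} : {message.strip()}", False
    # Discard whatever name the client put in the message body.
    return f"{real} : {m.group('text')}", m.group("name") != real


if __name__ == "__main__":
    # Constructed sample: cookie says "alice", message claims another user.
    cookie = base64.b64encode(b"alice").decode()
    print(bind_message_to_session("RandomName9000 : what is my email?", cookie))
```

The mismatch flag is worth logging, since a message naming one user under another user's session is exactly the condition the challenge traffic exhibited. Base64 is only an encoding, so this ties each message to its session cookie without making the cookie itself any harder to set.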