Down to the Wire

Posts by Matthew Savage

PlaidCTF 2020: Catalog Writeup

PlaidCTF 2020, with the theme Ready Pwner One, ran from April 17 to 19. We had a lot of very difficult problems, and all of them got solved… except for one:

Oops

At this point, it should probably come as little surprise that Catalog is one of mine; I don’t have the best record at having all of my problems solved (see: Toaster Wars Stormy Flag, idIoT: Lights). Here, I’ll discuss the intended solution to the problem, and a little behind-the-scenes look at what led me to write this problem and what I’d do differently if I had the chance to do it again.

Toaster Week Part 4: TW2.5 Blazing Flag

It occurred to me about a month ago that I never published author writeups for the “Toaster Wars: Going Rogue” CTF problems from PicoCTF 2017 and PlaidCTF 2017, which is particularly troubling since one of them wasn’t actually solved in contest! To remedy this, and in celebration of the release of a new game in the series that inspired these problems later this week, I’ll be posting writeups for all of the Toaster Wars problems over the course of the week.

For day four, I’ll be talking about the Blazing Flag from PlaidCTF 2017.

Toaster Week Part 3: TW2.5 Light Flag

It occurred to me about a month ago that I never published author writeups for the “Toaster Wars: Going Rogue” CTF problems from PicoCTF 2017 and PlaidCTF 2017, which is particularly troubling since one of them wasn’t actually solved in contest! To remedy this, and in celebration of the release of a new game in the series that inspired these problems later this week, I’ll be posting writeups for all of the Toaster Wars problems over the course of the week.

For day three, I’ll be covering the first of the three Toaster Wars problems from PlaidCTF 2017: the Light Flag.

Toaster Week Part 2: TW_GR_E3_GtI and TW_GR_E4_STW

It occurred to me about a month ago that I never published author writeups for the “Toaster Wars: Going Rogue” CTF problems from PicoCTF 2017 and PlaidCTF 2017, which is particularly troubling since one of them wasn’t actually solved in contest! To remedy this, and in celebration of the release of a new game in the series that inspired these problems later this week, I’ll be posting writeups for all of the Toaster Wars problems over the course of the week.

For day two, I’ll be talking about the harder Toaster Wars problems from PicoCTF 2017: TW_GR_E3_GtI and TW_GR_E4_STW.

Toaster Week Part 1: TW_GR_E1_ART and TW_GR_E2_EoTDS

It occurred to me about a month ago that I never published author writeups for the “Toaster Wars: Going Rogue” CTF problems from PicoCTF 2017 and PlaidCTF 2017, which is particularly troubling since one of them wasn’t actually solved in contest! To remedy this, and in celebration of the release of a new game in the series that inspired these problems later this week, I’ll be posting writeups for all of the Toaster Wars problems over the course of the week.

I’ll be going in order, so to start off, today I’ll be talking about the first two problems from PicoCTF 2017: TW_GR_E1_ART and TW_GR_E2_EoTDS.

GoGo PowerSQL Writeup (HITCON 2019)

This problem provided us with both a site and a download with a handful of files including a query binary and a Dockerfile.

Starting with the site, it seemed to be a basic search of some kind, though it filters out anything that’s not alphabetic. (For example, searching 1 seems to dump the entire DB.) Nothing particularly useful there.

Next we chose to take a look at that Dockerfile.

PlaidCTF 2018: I Heard You Like IoT

For PlaidCTF a few weeks ago, I created a series of problems titled “idIoT”. In this series of challenges, players got the opportunity to attack two websites, a Google Home, an FTP server, a WiFi camera, and a Particle Photon. Participants seemed to enjoy these challenges, so I thought I’d do a little writeup on the creation of these challenges and my own solution guide, like the one Zach did for S-Exploitation last week.

Zeros and Ones - TypeScript

Hey there! I’m Matthew, and for my inaugural post I’m going to start a hopefully-recurring segment called “Zeros and Ones” - essentially, opinions on a given topic broken down into zeros (negatives) and ones (positives). Today’s post will discuss a language I’ve fallen in love with over the past couple of months: TypeScript.

If you’re not familiar with TypeScript, it’s a superset of JavaScript that adds the ability to annotate variables with types. It was created by and is maintained by Microsoft, who introduced it in October 2012.