
🏴 🏴 🏴

Primary LanguagePython

My CTF Challenges


2023 Quals


Challenge Category Description
Sharer web XSS and CSRF with Signed Exchange (SXG) feature.
AMF web, misc Find an RCE gadget in Py3AMF

2022 Quals


Name Category Description
🎲 RCE web Warmup Challenge
πŸ’£ Self Destruct Message web XSS
🎧 S0undCl0ud web Python generator, mimetypes library
πŸ“ƒ web2pdf web mpdf 0-day
V O I D misc Using OOB bytecodes to escape PyJail
πŸ₯’ Picklection misc Pickle Jail

Balsn CTF


Name Category Description
Memes web imagepng + FTP PASV SSRF

TSJ CTF 2022

Name Category Description
Genie Web, Crypto Genie.jl 0-day, Julia deserialization, Bit flipping
Avatar Web Redis SSRF, CRLF injection, POP chain
Welcome to TSJ CTF Web, Misc, CSC .DS_Store, Guessing


2023 Final

Name Category Description
WoW KoH Web-based 2D battle royale game

2023 Quals

Name Category Description
Monsieur de Paris Misc Python multiprocessing RPC (pickle)

2022 Final

Name Category Description
npy viewer Web 0-day in jpickle
Imgura Final Web, A&D PHP A&D challenge

2022 Quals

Name Category Description
SSRF challenge or not? Web file://, signed pickle cookie, Bottle
Happy Metaverse Year Web Union+blind based SQLi
babyphp Web .htaccess, php://filters chain
GistMD Web JSONP, DOM clobbering
Imgura album Web Path traversal, PHP session , POP chain in Flight framework
LeetCall Misc Write Python with only Call, Name and Constant nodes
babyheap Misc argument injection (wget, zip)

2021 Quals

Name Category Keywords
WTF Web php wrapper, file command
CYBERPUNK 1977 Web SQL injection, quine, python format string
CTF Note Web prototype pollution (gadget in markdown-js), DOM clobbering, RPO
3DUSH3LL Misc Pyjail

2021 Final

All of my challenges in this CTF are related to Python XD

Name Category Keywords
Pikora Misc PPC but use pickle
Cat Translator Misc Troll, PyJail
Cat Slayer Reverse Python bytecode (pvc)

AIS3 Pre-Exam


Name Category Description
Double AES Crypto OFB(ECB(data)), cut & paste, JSON
ASTJail Misc PyJail
TariTari Web Warmup, path traversal, command injection
Best Login UI Web NoSQL injection
Emoji DB Web SQL Server SQL injection
Gallery Web Upload SVG to XSS, default-src 'self'


Web | Reverse | Misc

Name Category Keywords
🐰 Peekora πŸ₯’ Reverse Pickle Bytecode
ⲩⲉⲧ β²β²›β²Ÿβ²§β²β²‰κž… π“΅β²Ÿπ“°β²“β²› ⲣⲁ𝓰ⲉ Web JSON injection
【5/22 ι‡θ¦ε…¬ε‘Šγ€‘ Web LFI, SQL injection, Command injection
XSS Me Web XSS with length limit
Cat Slayerᴡⁿᡛᡉʳ˒ᡉ Web Java Deserialization, Reflection
Cat Slayer | Cloud Edition Misc Pickle, ECB Cut&Paste
Cat Slayer | Online Edition Misc Game, Python Sandbox