AppVenture by NUS High

Cybersecurity Division

From student-organized CTFs to articles on making software secure, here is a showcase of what we have to offer.

Write-ups
Blog

Write-ups

CDDC 2023

In the middle of Rust Tags: rev we are given a challenge.mir. Apparently mir (mid-level intermediate reprsentation) is a transient file that the rust compiler uses. It consists of many, many

Posted 05 July 2023 by Leng Kane KiatLeng Kane Kiat

CTFWrite-up

SeeTF 2023 Writeups

Onelinecrypto Category: Crypto Entire Challenge: How to bypass this line? assert __import__('re').fullmatch(r'SEE{\w{23}}',flag:=input()) and not int.from_bytes(flag.encode(),'big')%13**37 The assert

Posted 21 June 2023 by Hugo Maximus LimHugo Maximus Lim

CTFWrite-up

[AVCTF2021] Printwriter 1

My wonderful app works both as an echo server and a file lister! Bet you can't hack it! nc 35.240.143.82 4203 Only the compiled chal file was given, after decompiling it with Ghidra, I get

Posted 21 December 2021 by Zhao YunZhao Yun

CTFWrite-up

[AVCTF2021] Super Secure Trustable Implementation

I've added a bunch of filters, so my app must be really secure now. Flag in flag.txt URL: http://35.240.143.82:4209/ The source, main.py is included hence we should take a look. import secrets from

Posted 21 December 2021 by Zhao YunZhao Yun

WebCTFWrite-up

[AVCTF2021] AppVenture Login Part 2

Ok, you got the flag, but I bet you'll never get my password! Basing off the description, the flag is probably the password. Even though we logged in as admin in the last challenge, we do not know

Posted 21 December 2021 by Zhao YunZhao Yun

WebCTFWrite-up

[AVCTF2021] Espace 0

The hardest challenge of the web category, but was actually solved before Login Part 0 since my brain was dead You've used espace2, but what about espace0? Flag in flag.txt URL:

Posted 21 December 2021 by Zhao YunZhao Yun

WebCTFWrite-up

[AVCTF2021] AppVenture Login Part 0

AppVenture Login page must be the most secure right? URL: http://35.240.143.82:4208/ Hint: What's the first thing you do when pentesting a website? One of the common files that websites contain

Posted 21 December 2021 by Zhao YunZhao Yun

WebCTFWrite-up

[AVCTF2021] AppVenture Login Part 1

Well, I haven't taken CS6131 yet but databases should be easy right?? From the description we can see the keyword databases, based on prior knowledge of the module CS6131, we can be pretty sure

Posted 21 December 2021 by Zhao YunZhao Yun

WebCTFWrite-up