AppVenture by NUS High

Cybersecurity Division

From student-organized CTFs to articles on making software secure, here is a showcase of what we have to offer.

Psst... Join us at ctf.nush.app for seasonal challenges set by yours truly!


Write-ups
Blog

Write-ups

[AVCTF2021] Super Secure Trustable Implementation

I've added a bunch of filters, so my app must be really secure now. Flag in flag.txt URL: http://35.240.143.82:4209/ The source, main.py is included hence we should take a look. import secrets from

Posted 21. December 2021 by Zhao YunZhao Yun

WebCTFWrite-up

[AVCTF2021] Printwriter 1

My wonderful app works both as an echo server and a file lister! Bet you can't hack it! nc 35.240.143.82 4203 Only the compiled chal file was given, after decompiling it with Ghidra, I get

Posted 21. December 2021 by Zhao YunZhao Yun

CTFWrite-up

[AVCTF2021] AppVenture Login Part 2

Ok, you got the flag, but I bet you'll never get my password! Basing off the description, the flag is probably the password. Even though we logged in as admin in the last challenge, we do not know

Posted 21. December 2021 by Zhao YunZhao Yun

WebCTFWrite-up

[AVCTF2021] Espace 0

The hardest challenge of the web category, but was actually solved before Login Part 0 since my brain was dead You've used espace2, but what about espace0? Flag in flag.txt URL:

Posted 21. December 2021 by Zhao YunZhao Yun

WebCTFWrite-up

[AVCTF2021] AppVenture Login Part 1

Well, I haven't taken CS6131 yet but databases should be easy right?? From the description we can see the keyword databases, based on prior knowledge of the module CS6131, we can be pretty sure

Posted 21. December 2021 by Zhao YunZhao Yun

WebCTFWrite-up

[AVCTF2021] AppVenture Login Part 0

AppVenture Login page must be the most secure right? URL: http://35.240.143.82:4208/ Hint: What's the first thing you do when pentesting a website? One of the common files that websites contain

Posted 21. December 2021 by Zhao YunZhao Yun

WebCTFWrite-up