James Cao
WannaGame Freshman CTF 2025 - Wave Second For Git

WannaGame Freshman CTF 2025 - Wave Second For Git Write-up

Room / Challenge: Wave Second For Git (Misc) Metadata Author: jameskaois CTF: WannaGame Freshman CTF 2025 Challenge: Wave Second For Git (Misc) Difficulty: Medium Points: 451 Solves: 8 Date: 06-10-2025 Goal We have to get the flag by using Git cli. My Solution Here is the source, you can download it here There is the flag.txt with this content: VzF7ZzF0aHViXw== It is encoded with base64 algorithm, it is easy to decode it, result is the first part of the flag: ...

October 6, 2025 · 1 min
WannaGame Freshman CTF 2025 - Open Read Flag

WannaGame Freshman CTF 2025 - Open Read Flag Write-up

Room / Challenge: Open Read Flag (Web) Metadata Author: jameskaois CTF: WannaGame Freshman CTF 2025 Challenge: Open Read Flag (web) Target / URL: http://61.28.236.247:10000/ Difficulty: Medium Points: 484 Solves: 5 Date: 06-10-2025 Goal We have to get the flag by leveraging the view file functionality. My Solution Here is the source code, you can download and examine it here The website is simple with just a read file functionality. ...

October 6, 2025 · 2 min
WannaGame Freshman CTF 2025 - Admin Toi

WannaGame Freshman CTF 2025 - Admin Toi Write-up

Room / Challenge: Admin Tồi (Web) Metadata Author: jameskaois CTF: WannaGame Freshman CTF 2025 Challenge: Admin Tồi (web) Target / URL: http://61.28.236.247:9000/ Difficulty: Medium Points: 419 Solves: 10 Date: 06-10-2025 Goal We have to get the flag by leveraging the vuln in authentication feature My Solution Here is the source code, you can download and examine it here This is the home page of the website. Let’s try creating an account and logging in to it to see what we got. ...

October 6, 2025 · 3 min
SunShine CTF 2025 - Intergalactic Webhook Service

SunShine CTF 2025 - Intergalactic Webhook Service Write-up

Room / Challenge: Intergalactic Webhook Service (Web) Metadata Author: jameskaois CTF: SunShine CTF 2025 Challenge: Intergalactic Webhook Service (web) Target / URL: https://supernova.sunshinectf.games/ Difficulty: Easy Points: 10 Date: 01-10-2025 Goal We have to get the flag by leveraging the vuln in webhook service. My Solution Here is the source code, you can download it here. The backend has this vulnerable code: def is_ip_allowed(url): parsed = urlparse(url) host = parsed.hostname or '' try: ip = socket.gethostbyname(host) except Exception: return False, f'Could not resolve host' ip_obj = ipaddress.ip_address(ip) if ip_obj.is_private or ip_obj.is_loopback or ip_obj.is_link_local or ip_obj.is_reserved: return False, f'IP "{ip}" not allowed' return True, None This code takes the URL, if hostnames -> IP address using the DNS. If IP is private (like 192.168.x.x), loopback (127.0.0.1) it will be blocked. ...

October 6, 2025 · 1 min
SunShine CTF 2025 - Lunar File Invasion

SunShine CTF 2025 - Lunar File Invasion Write-up

Room / Challenge: Lunar File Invasion (Web) Metadata Author: jameskaois CTF: SunShine CTF 2025 Challenge: Lunar File Invasion (web) Target / URL: https://asteroid.sunshinectf.games Difficulty: Medium / Hard Points: 463 Date: 30-09-2025 Goal We have to get the flag by getting admin authentication and leveraging vulnerability. My Solution There are no routes in the home page that we can visit normally. Visit /robots.txt we can see the content: ...

October 6, 2025 · 2 min
SunShine CTF 2025 - Web Forge

SunShine CTF 2025 - Web Forge Write-up

Room / Challenge: Web Forge Hub (Web) Metadata Author: jameskaois CTF: SunShine CTF 2025 Challenge: Web Forge Hub (web) Target / URL: https://wormhole.sunshinectf.games/ Difficulty: Medium Points: 363 Date: 29-09-2025 Goal We have to get the flag through SSRF Tool My Solution This is the home page when we visit the website. Through the content of the home page, and the menu links we just have the SSRF Tool which is in /fetch url where we can take step in it. ...

October 6, 2025 · 4 min
SunShine CTF 2025 - Lunar Shop

SunShine CTF 2025 - Lunar Shop Write-up

Room / Challenge: Lunar Shop (Web) Metadata Author: jameskaois CTF: SunShine CTF 2025 Challenge: Lunar Shop (web) Target / URL: https://meteor.sunshinectf.games Difficulty: Easy Points: 10 Date: 30-09-2025 Goal We have to get the flag by using a vulnerability in the query of product id. My Solution There are just 3 routes we can gather information in this website: /, /products, /product?product_id. Home page: Products page: Product item details page: ...

October 6, 2025 · 1 min
SunShine CTF 2025 - Lunar Auth

SunShine CTF 2025 - Lunar Auth Write-up

Room / Challenge: Lunar Auth (Web) Metadata Author: jameskaois CTF: SunShine CTF 2025 Challenge: Lunar Auth (web) Target / URL: https://comet.sunshinectf.games Difficulty: Easy Points: 10 Date: 06-10-2025 Goal We have to get the flag by bypass the admin authentication. My Solution This is the home page, there aren’t any useful information. Try access https://comet.sunshinectf.games/robots.txt, the content is: # tired of these annoying search engine bots scraping the admin panel page logins: Disallow: /admin This is the content of /admin, there is a login form, we have to bypass this to get access as admin. ...

October 6, 2025 · 2 min
Crew CTF 2025 - Professor View

Crew CTF 2025 - Professor View Write-up

Room / Challenge: Professor’s View (Web) Metadata Author: jameskaois CTF: CrewCTF 2025 Challenge: Professor’s View (web) Target / URL: https://professors-view.chal.crewc.tf/ Difficulty: Hard Points: 477 Tags: web, xss, sqli, auth, enumeration Date: 21-09-2025 Goal We have to get the flag of the Professor which is showned in his dashboard. My Solution Here is the Source Code Unlike Hate Notes and Love Notes, Professor’s View response is set: Content-Security-Policy: script-src 'self' https://js.hcaptcha.com/1/api.js; style-src 'self'; img-src 'self'; font-src 'none'; connect-src 'none'; media-src 'none'; object-src 'none'; prefetch-src 'none'; frame-ancestors 'none'; form-action 'self'; So from now on we can skip the XSS and CSS Exfiltration. ...

September 26, 2025 · 2 min
Crew CTF 2025 - Hate Notes

Crew CTF 2025 - Hate Notes Write-up

Room / Challenge: Hate Notes (Web) Metadata Author: jameskaois CTF: CrewCTF 2025 Challenge: Hate Notes (web) Target / URL: https://hate-notes.chal.crewc.tf/ Difficulty: Medium Points: 426 Tags: web, xss, sqli, auth, enumeration Date: 21-09-2025 Goal We have to get access to the flag crew{...} in the admin’s note which the bot can view. My Solution Love Notes and Hate Notes share 99% of their code, but Love Notes had many more solutions than Hate Notes: My Solution for Love Notes ...

September 26, 2025 · 2 min