# IJCTF 2021

## Web

### SodaFactory

Welcome to my SodaFactory.

Note: You don’t need any bruteforce

Author: TheGrandPew#0740

https://book.hacktricks.xyz/pentesting-web/ssti-server-side-template-injection

### Memory

Do you remember the past? You lived hard. Now, you need to take some rest by remembering your past.

Run /flag

Note: You don’t need any bruteforce. The provided phpinfo has all the information for solving this challenge. So, I’ll not provide Dockerfile of this challenge.

Author: sqrtrev#9113

## Forensic

### Riddle Joker

Joker has returned from his imprisonment. Rumour says that he’s scheming a new evil operation by implanting several bombs at a local bank. Each of the bombs has tag information that might be a clue for finding Joker’s secret.

Author: Avilia#1337

https://blog.didierstevens.com/2008/05/07/solving-a-little-pdf-puzzle/

https://blog.didierstevens.com/2021/01/31/new-tool-pdftool-py/

### Vault

A robber broke into our vault in the middle of the night. There’s an indication that the robber tried to steal some items which are considered confidential assets. Could you figure it out?

Flag format: IJCTF{[a-f0-9]{32}}

Author: Avilia#1337

When the incident happened, the attacker got into our IP over an ICMP tunnel network to access an HTTP/2 web server with SSL enabled.

Even so, our captured logs aren’t precise enough. Each packet has an unusual timestamp and it’s kinda messy…

#### Packet capture processing

https://github.com/friedrich/hans

https://www.wireshark.org/docs/man-pages/editcap.html