#general

do you release the solves after the competition

up to the challenge author

is there an issue doing these on mac lol

which one

the challenges in general

not those netcat ones

no

you can make a linux vm

if you want to

mac is the superior os so of course there would be no problems

^

😮

No

Macos sucks

run a mac VM on windows

Hmm

rpisec op

I am so jelly at the first places lmao

@vale hamlet jjelly

did you say jelly

!say pp poopoo

!coinflip pp poopoo

No, you should probably not pp poopoo.

dang it

lol yeah

!coinflip @vale hamlet be jelly

Yes, you should absolutely @​Epifor#9116 be jelly.

lol

!coinflip pp,poopo

Yes, you should absolutely pp,poopo.

hm

I thought PFS stood for planetary file system

pwning for soju

sice-sice baby

https://tenor.com/view/cute-dog-wink-gif-12510229

😉

Almost the end of day1 and I still have only 1 point... Never felt that bad...

Corrupted Pwnies

i heard you get jurisdiction over #misc now

Try the baby challenges, like sice sice baby

ah yes, sice sice baby, perfect for beginners 🙂

try babier csp

dm me if u want a hint or some feedback on what steps you're trying

I spent hours trying all the xss payload I could think of. I think I need a break to come to it with a fresher mind

try seeing what nonces do

specificaly for csp

Thanks I'll look at it after the break

don't be so hard on yourself mate

it's alright you can do this

live ctfs take time to do anyway

best of luck!

@covert berry I'm in the same boat, first ctf btw. We got this!

That's not the first one for me. But that's the first time I fail that hard :)

But I'm sure I'll find something before the end, and learn a lot reading the writeups

When you're at the bottom, you can only go up

I start to be so so curious about the dice is you thing hahaha

that's the spirit champ.

idk how to troubleshoot ghidra 😦

not unless a black hole opens on the opposite polar and you get sucked down through earths core :/

just sayin, it always can be worse

!coinflip funny

Yes, you should absolutely funny.

!coinflip

No, you should probably not <:lemonthink:805962564991057920>.

!coinflip @everyone

Yes, you should absolutely @​everyone.

fair enough

is bargebot written in rust

python

http://github.com/ginkoid/bargebot

doing babymix atm and im stuck lol

youre late to the party champ

i tried everything

!fleg

what the fuck is this command

try it in #flag

i did lol

did{gong}

can anyone give me a hint on babymix

what the fuck is this

idk

btw at the end of the ctf where will i be able to read writeups

https://ctftime.org/event/1236/tasks/

challenge authors might post the intended solution on their blogs, too

Can someone publish a writeup for Missing Flavortext now ?

no, that's strictly against the rules 😦

babymix seems like a pain. im struggling too.

thank you

Ah damn it, didn't see that coming...

yeah i know ive been at it for a while now

i recommend using ghidra

for rev

Would do ctf but too dumb :) and.... don’t wanna break my skull

breaking my skull is really relatable

other challenges are going to be published? (which category if any?)

#announcements message

there will be at least one challenge in every category except quantum

any additional challenges will be released in about 3 hours and 20 minutes

thx

misc 👀

o also misc

oh wait

survey

:^)

hey guys

don't be like this

thank you

🙂

also don't do this :^)

wtf ethan don't leak the solution

now they'll know that

if you try a random amount of underscores

in a random amount of paths

with dots randomly strewn about

they'll get the flag

obviously

wtf does libc like dynamically update the copyright year when you run it or something

tf is this

its 2021 though 🤔

2.31 came out in 2020 I thought?

early

nvm i am stupid i forgot the the loader tries to load from library path

./libc.so.6 was correct

i hope it works on remote now

🙏

👀

exp.cc 👀

👀

timeout killing me

😭

how long is the timeout ?

@stiff prism

90 seconds

i might have to setup a vps now

hmm okay

reminder: don't be like this 🙂

you're causing our monitoring system to ping us for the traffic and it's getting kinda annoying

i get the feeling the ppl doing that aren't seeing your messages

me too 🙂

ban

cant you just ip ban them

or work out their username/team name from the ip, and give them a stern talking to?

we haven't started 🔨ing yet but probably will if it continues

are u guys ready for more challs?

Sure, we already completed like ... three!

now that sice sice baby has been blooded, get ready for sice sice adult

true

0/10 no new challs 😡

time to CANCEL organisers

TRUE

👀

no more challenges allowed

it's past 24hrs

DiceGang will not be held legally accountable

Our lawyers told us we will be fine

smh poor infrastructure

⭐

challs are up now 🙂

24hrs is halfway?

yep

sick

Admins, I think my ip has been blocked, can someone help me?
I swear I will stop fuzzing! 🙂

dm with ip

lmao

lmao

lmao

oop

i love this emoji

fool, you broke the chain

hm?

whoever solves adult csp first gets 100000000 pandaman ®️ pandapoints ™️

why is there no vc channels

LOL

did someone put one of those discord cache windows defender triggering things in here

Rob should offer a 3d printed trophy for first blooder of adult csp

@lean chasm lol

very hard to moderate vc

@lean chasm it's a vbs reverse shell script hidden with stego

it's a discord rce

i will give 4 cookies

to whoever solves adult csp first

il give 3

bananas

2 grapes

and 1 apple

( :

,s

BRUH WHAT DID HE SAY

no one will know

🙃

,snipe

o that means i owe pernicious 3 virtual cookies

B R O

-__-

not if i steal those cookies from u

better watch out i'm bringing the grandma that bakes those cookies

; p

will challenge authors be posting solutions/writeups when the ctf is over?

up to authors

it's up to each author but probably

also competitors will probably post writeups

thanks

also .

.

oi

why did i just get a defender notif when i clicked on this channelk

😠

this is a hacking server

:blobskid:

if you are not ready for hacking we suggest you do the leave

hacking more like "let's set off everyone's AV just to piss them off"

who was that

nice one

:thonk:

discord critical vuln 😱 😱 😱

@sage musk ik LMFAO that's the joke

wao

what do u think ab cpanel?

zer0pts in first again 👀

rust wasm :dab:

removed the cat message

please don't post that again

xxddd

hi

dang who pulled the skid move

if anyone wants an explanation of why that skid move worked,
https://twitter.com/0x0elliot/status/1347877064360136705?s=20

yeah it's ok, it's not really skid even

it's just like

a bit annoying

¯_(ツ)_/¯

i mean, everything is really working as intended

not if you have linux 🆒

"i have linux, it's impossible for me to get a virus"

but that's not a virus sir

no

it's like vbs or smth

that's just a vbs script appended to the tail of an image which doesn't execute at all

yeah i know

just triggers your windows defender. it's harmless.

yeah i know mate

yez

🤡

but i'm saying that it's good protocol in general to keep malicious code off your main computer

indeed

someone put a miner on my jupyter instance, but they were slightly more clever

they made a hidden dir in /tmp

and named the file "python"

lol

do you have the sample? how did it happen?

rather than just fucking downloading xmrig plonk right in the middle of the home dir

i am not familiar with jupyter

uhh i deleted it, but it'll come backl

very soon

come back? lol

yeah

scripts

scrape shodan

http://54.193.20.84:8888/tree?

ill delete your ip form the list, but this is what it looks like

mhm

some guy connected from an AWS instance, and the AWS instance also hosted his résumé

opsec 100

lol why would you do that

also i know most people are perfectly capable of absolutely destroying my measly AWS instance, even without perms

please do not do so

bitcoinz

i lack context because i haven't visited that link, but poggers on you champ

https://ginkoid.is-inside.me/RhhP5rtt.png

lmao

@ whoever was asking for cookies

thanks kind sir

alright cya need to prep for gunnhacks, wish me luck setting up picoctf platform

you hosting a CTF?

uh

why not just use CTFd? it's so much simpler?

picoctf shell 🤤

why not just use rCTF?

👀

i kind of asked for this didn't i

lol

wait so picoCTF gives players a shell too that you want to use in your CTFs right

that's so cool

yeah

it is

uses SUID for pwn

and also has docker challenges built in

those carnegie mellon nerds

ok but you kinda need infinity money to run picoctf platform

it's a like less than 24 hr ctf

shell server mad expensive

cpu rations

historically shell servers on hs ctfs have

sucked

wait

because its always very laggy

only one hs ctf has a shell server

and forcing competitors to use the shell server

makes chall solving cancer

we'll have netcat obviously as well

https://media.discordapp.net/attachments/782874611997868072/807808666077626438/unknown.png

and that one ctf has also had the shell server result in unintended cheese

gunnhacks is a "mini ctf" aka it's for people who mainly

• don't really know a programming language
• don't have a lincox installation or vm
• will mald if they need to spend more than half an hour on a challenge

also picoctf shell server resulted in massive cheese

in picoctf

yes it did

lol yea

that's pretty nice

lmao

fr?

yea uh

yeah, all flags leeked

that's so cool

ppl are dumb

needed to ALL be changed

12h downtime

:pepega:

oh yeah all the flags got leeked

:pepega:

I thought you were referring to the mysql login

lol

there is: lfi rce via /tmp in php

ppl sticking flags in /tmp

also the mysql one

tldr shell server = /tmp abuse

12h downtime

team still maxes in 1.5 days

ok rob

wow I wonder which team that was

they must be really good

people can't be trusted to run their own infrastructure

end of story

tooting my own horn a little

and "oh i'm writing my own ctf platform"

no

please

can I toot ur horn

ANYTHING

but that

wait

ok but compare dice infra to

csaw

reminds me of that one time this one french CTF team clapped a CTF

csaw is just ctfd

ctfd is boring, but reliable

until it isnt

"ctfd is reliable"

until ctfd dead

rctf doesn't have individual accounts

minute 2

what are the bad things you guys noticed about it?

uh

people dont know how to host it

hsctf ran ctfd on 16 core box

it still died

wait isn't there a meme abt how

ctfd always dies

dice is running on a 4 core box

and using 10% cpu

lol

in the first 5 min

hm

our rctf instance is massively underutilized

I've actually used both ctfd and rctf for my club in the past

google is telling us to downsize it :^)

I would say they are pretty equal in configuration complexity

ig editing yaml isn't for everyone

ractf, rarctf, ractf, picoctf, rgbpwnsecsexsketchctf, ctfd

ctfx

yaml

I used to run our club's ctf platform on the school's shared hosting service

ctfd was actually unusably slow

google forms 😤

yea rctf is severely lacking in the admin ui department

we're working on it™️

what about the team limit department

hm

typically in ctfs we just share one account anyway

we have the user members thing that you saw in redpwnctf

yeah, but if a ctf organiser doesn't want that

yeah i have noticed how CTFd is slow. but while testing it never died yet

yea and this

I guess the whole concept of team limit relies on honour system anyway

https://cdn.discordapp.com/attachments/663099639779819531/802695954405785640/unknown.png

which is fine

when there's a ctfd the team is always

• redpwn
• BrownieInMotion

lol

why dont you just use your own account

is type a separate password to join the team

really that difficult

less friction for ppl to hop onto the ctf

if you can just copy-paste creds from a channel

there is already zero friction

you make an account

join the team

instead of going through registration flow

there doesnt need to be less friction

idt you understand how 50+ member ctf teams work

ye rCTF has a nice link thing

it's pretty smooth

google autofill is pretty neato as well

as we say in the buisness

main issue w/ ctfd comes when hosting big events

👀

helo qpwoeirut

spotted

i should be prepping for gunnjhaclks

but i am here

redpwn exposed!!!??!???!/1??!!11

it's extremely difficult to make sure everything works with large number of requests

mm

same

yo admins

what the fuck is did{gong}

redpwn more like kraftheinzberkshirehathawayconglomerate

and !bean

!bean

🔒 You do not have the required permissions to run this command

https://dicega.ng/

wait

why does that redirect now

noooo

rip

bean is where you bean someone

lol

our legendary logo ;-;

did gong

did gong

@stone nacelle qpwoeirut are you going to learn pwn for picoctf

😮

lol

no im not

then we dont need to harvest another pwn person

how is gunnhacks goiing

wouldnt we need to

if i dont learn

yeah

but if you dpo

i will not

sad!

man gunnhacks seems

lemonthink sticker

ok yea

now THATS epic

we probably shouldn't talk about this in this server

lol

as we don't want malding

if i understood node.js

this ctf would have been 3x faster

@stone nacelle did you already make a smol e

smh this is a public server

oh

sad!

although anybody who would do dicectf is already too advanced

presumably

oh wait

lol

tfw literally

lmao

unless we were to buy krusty burgers and disguise them as our own cooking 🤔

delightfully devilish

chop0

tfw I thought this was a bug

i am so confused

then I looked at the axis scale

i have no idea what that means but it sounds sus

2000 what

i just saw something in watermark as a service

requests

but replace krusty burgers with dicectf, and cooking with ctf challenges

from one ip

👀

tldr don't bruteforce please our computers get unhappy and when our computers get unhappy we get unhappy

no sir i saw something else

mostly from the uh 100+GB of logs we've collected

lol

default nginx log

wait chop

are you like

who is the admin for watermark as a service

yeah

actually attempting the ctf

or just

chilling on the server

dm me

dang sniped

i did a challenge yesterday, but today have been working on ghunnhax

chalenges

fizzbuzz helo

chop0 isn't helping his teammates smh

i think it was intended but i was taken aback because of the striking familiarity with something

ok actually gunnhacks can wait

back to reversing i go

gunnhacks is a hackathon?

:pepega:

yeah

bt with mini ctf

those events sort of feel sometimes lmao

yeah

hmm at redpwn we were floating around the idea of writing some shell server software btw

with fully isolated user shells running in docker

mm

running on one big dedi box bc roaming home directories is hard

ok but it'll probably be chroot in nsjail in docker in docker

knowing ginkoid

lmao

nsjail is great for fresh sandbox per conn but

shell server needs persistent environments per user

:/

we could just run rob's pwn docker as the image btw

no

rob uses python 2

3 unsolved challs left 👀

someone pls solve adult csp or else rob will be sad

yea rob spent a lot of time on this

so sad

gink too

adult csp has no site huh

oh wait

there are files attached

rob had wanted to put this in the web category btw

"it has a website so it's web"

too bad gink axed that idea

good ginky

gating adult csp behind babier csp smh

tfw no challenge dependencies in rctf

tbh that's probably something we should do eventually

along with a tag system

anyone down for copying justctf's scoreboard

solution to sice sice baby is house of chaos

thank me later x

why is there no functioning website dang it

admin for waas

dm me

Have all challs been released?

yes

we will be releasing a survey tho

all challs which affect ranking have been released already

Is anyone solve dice is you

Any hint regarding dice is you?

you have to solve level 5 properly to get the flag :^)

That level is a nightmare 😄

you could brute force it, but you'd have to try at least 3 different combinations of the symbols

for legal reasons I must say that I am joking and also have not solved it

😄

Hi! Admin for babyrop?

👀

aadmin for watermark as a service? 🤔

dm

Where do I go to learn how to complete these challenges as I have been unable to solve any . Of these I code Java and c

hello

Hello

Hello

where are you from ？

rip

no overnight bloods :(

will the challenges still be accessible after the end of the ctf?

picoCTF or overthewire are good places to start i think

@amber wind UHC when

never

nooo

i trained a whole year for this

any admin for babymix?

mge me again 👀

I uninstalled tf2 cause it's way too chonky

ok thats kinda chonky

David get on today

we play

josh's new pfp makes me very uncomfortable

same

YALL JUST JELLY

viv made it for a bucha ppl

wait i gotta finish my hw

🐒

yes later today silly

https://tenor.com/view/tommy-innit-o7-gif-19653128

ew csa

almost at 1k

wtf

noleek

caboose?

kunai lets you pull risky stabs

TRUE

gink i just sent a lot of ss

also hi gink how are you

also it makes it way easier to surf explosives

but

who needs nitro

when you can just upload new emotes

haskell moment

aplet

!clean until 808009973036089345

✅ Deleted 7 messages!

gink omg what did i do wrong

dwai

im worrying

!clean until 808012258713403402

✅ Deleted 13 messages!

censorship

wtmooooooooo

pure gink

we live in a society

🛏️ ⚔️

😰

the funniest thing is

wait no I'll say it in the pwn channel

:c

yooo mslc op

@neon matrix prize for blood on survey?

you get free gink points

is @harsh abyss 's love and respect still on the table

that's for him to decide

no prizes

tbh actually

I love java so much

👀

I did not have enough time to take part of the CTF but if someone post à writeup (after the end aswell) I am interested ( and Good Luck for THE
end of the CTF !)

admin for dice-is-you?

@loud vessel

potential prize for first one to blood survey

Reallly going for those in depth, well thought out survey responses there 😄

survey speedrun

tfw they wait 6 minutes after launch before announcing

rigged

don't worry, it doesn't affect tiebreaker or anything

the challenge exists purely so that more people see it

Where is my one point for the survey?

😦 we released it a bit late

so we thought 1 point would be unfair to bad timezones

And btw, you forgot to include the rating for the sanity check challenge, which was excellent

intentional

too many ppl troll by selecting it

In challenge rev/Guess the Vuln I am getting error: ./handler: 2: ./handler: Syntax error: newline unexpected (expecting ")") while opening http://localhost:31337/

Can some tell me how they solved the JavaScript ones please when the contest is over

any idea, If I am doing something wrong?

dm @amber wind

and writeups will hopefully be posted after the competition

just wanted to know if I am on right path?

are you publishing official writeups after the ctf ends?

if you're referring to a specific challenge, dm the author about it

depends on the challenge. some authors will be publishing official writeup/solution

you probably aren't running it properly

if you're getting a syntax error

thanks got it working

will there be a writeup channel?

after ctf ends yes

did anyone get dice is you

flag

look at the solves count

Can someone post a url for me into the writeup channel when the ctf is over?
I will be asleep by then

(someone who has completed babier csp preferably)

you can just post it later there's no rush

This CTF should be longer than 2 days

These challs are so good

lmfao

Wish I got a chance to look at more of them

welp is adult csp gonna get solved

you know if we extended the ctf by 24 hours that means we can release another batch of challenges

i FINALLY completed babier

pb are obviously hoarding it

you can always do them afterwards as long as our infra people aren't mean 😄

our infra people are mean

wont let me make mac pwn

ok xnu hacker

no windows pwn either

literally gnu shills

gnu hurd pwn when

we can leave challs up for as long as our gcp credit lasts

probably

windows kernel when

ios kernel when

just leave challs up until you have -200 balance in your account

if we take down admin bots it can probably run for a long time

well admeme bot is on gcf so

pretty low cost this time around

dont lemonthink me

wait is it free

lmao

this is absolutely not related to personal experiences

idk I haven't seen cloud functions on our billing report

how is ginkoid so op

orz

i forgot to shut off the instances @unique sail

ginkoid went from admeme bot at $30/day to ???/day

honest mistake

ginkoid gets kickbacks after shilling for google for so long

and then i left the chat

rgbctf platform 😔 ✊

vexctf platform

pepeg

the commonwealth

bad

vexctf is gnu hurd except ctf platform

:(

rgbctf platform is gnu hurd except ctf platform

bruh literally no one is working on it

@ pepsipu

now i just get dependabot requests

somehow bAse has adopted rgbctf2, which was probably a mistake, and he should probably remove it from his github

since its java EE

or something

somehow it was transferre

rgbctf 2

please dont make rgbctf 2

is this

@unique sail

the reunion of

rgbsec

what reunion

chop0 and you

what

what

whyyyyy

no ive stayed in contact with chop this whole time

i want free mice for guessing

insanity check

best challenge

from an organizer standpoint, was epic

most epic malding

if rgb2 then i'll have to do infra so aaza

was worth the two 1 votes on ctftime given by penguin

lmao

we needed more misc

and stego

ngl

redpwn writeup for one of the challs:
"SSTV."

are we allowed to say this now

redpwn exuded the most mald energy in the writeups

yeah

it was great

water under the bridge

we did writeups for rgbctf?

^

o wait

yeah you guys required writeups for every challenge

what did you expect

I remember writing up jisho

hahahahahahaha

thinking abt it

who can find the hackmd

i would make rgbctf2

please fuck off

it was so funny

no

yes

admeme bot is entirely free

please dont

epic clusterfuck

ok it could have been worse

please no

but it was pretty epic

next time you are gonna hide the flag in an emote you add halfway during the ctf

we're going to hide the flag on my desktop

why do you think I added

https://ginkoid.is-inside.me/MxWx0Oag.png

you found it

rob doesn't know because i wrote up soda lol

wait aplet can you make this owner write only

pepega

thonk

Using the not-great documentation of the nearly-featureless LaserLang langauge
I was hurt by this :sadtownloaf:

tfw

#This is the end goal of the operations. This was not actually included in the shared object with the encryption function.
#There is no knowing what these numbers actually meant, but we assumed it was the desired output if we were able
#to input the flag into the provided program. However, we could not even do that, as no executable was provided.

idt i wrote up any challs

i don't remember solving any challs

from that ctf

ok it's owner write only now

except maybe pepsipus

didn't rob do soda pop bop

you were having way too much fun with these for them to just be "for completion only"

dunno i didn't rly feel like doing guess

almost as bad as the recent shadowctf

https://hackmd.io/K9VxW3hVTZW7IBOlcjQGcA#Misc---another-witty-algo-challenge-name ah yes my rust algo

also smh if you're gonna have algo at least make it not "haha copy/paste dijkstra/floodfill go brrr"

i didn't kno how to do house of force so

robby did 💔

the worst part about rgb was that I never got the jam

imagine doing algo

i did it afterwards

i proposed the cheese solution tho

since i had just finished studysim

and it was similar

i cant believe we delivered some prizes

we were so close

to full bad ctf bingo

:(

what squares were you missing

blind pwn

because

Why is the admin bot so expensive?

you cant have blind pwn if you dont have pwn

aaa i was so against these algo challs but at that point it was already such a fucking mess i just gave up

good plan

fill it out

twitter drama after ctf

sampriti malding

we didnt ban over criticism

smh

This is amazing 😆

i think we tick every box

like literally every box

we definetily get those 5 bonus points XD

fake flags :pepega:

anyway let me in the winrars when sadtownloaf

we let chop in

you did

infra did not get hacked, but people decided to ddos it >:( and it was like 3 AM

so we might think about it

🤔

🤔

so i just threw more instances behind the load balancer

willwam845 should be admin next year

:blobreach:

nah im good

and then i accidentally deleted the main instance for ctfx bc i didnt label it

but then

digitalocean

was retardd

stay tuned in 40 days™️

and didnt delete backups

so

alternatively ip ban ppl 🙃

bro that was the worst afternoon of my life

was 3 AM, someone was using some booter and i honestly couldn't be bothered

imagine not having

no one else knew how to use DO

i was so fucking tired, and EVERY NIGHT

lol the blur

there was some problem

with the bloody infrastructure

so everyone was just like "fix this you have been talking to chop"

and im like

is this rgbctf?

yeah

@unique sail nice song

osu player?

lmfao

onigiri freeway does give it away doesn't it

yeah

yea hi

did you include my "alright cunts lets go"

in the song

in the end

or just the ai-generated inspirational quote

no i did not put that lmao

oh the

that

you know

LMAO

hahahhaahha

the end end end product of that

was

https://www.youtube.com/watch?v=omeqzUFUzls

i'm going to call this the one good thing that came out of rgbctf

Dice CTF more like nice CTF

yoooooooo

pb orz

called it

perfectly guessed

all challenges solved 🎉

op

literally called it

pb literally hoarding

pee bee

now rob doesn't need to be sad :)

now we finally know everything is solvable

lmao

problem can be solved and not solvable

yeah they just guessed the flag 🙄

truee

dice{gang}

no leek plox

congratz pb

little bit op

so how is everyone doing?

tired

wondering about starting to learn pwn

so not that good

do not

turn to the pwn side

you will have to deal with poortho and his notorious glibc pwns

^

that sounds scary

stay at the misc side

poortho put me out of a job 😄

Solve pyjails and guess flags

stick to kmh and his pyjails

yeah maybe crypto in not that bad in the end

Would it be possible to train an AI to guess flags

Give it a flag and a challenge name

And an author

false

create an AI that tries all iacr paper links

create an AI that uses GPT-3 to write its own IACR paper

backdoor the next amazing crypto challenge™️

Maybe this would be useful for crypto

Given a paper, write code that does what is spoken about in the paper

yours sound better

crypto papers without implementation should be banned

@amber wind does escortum do a good job of screenshots

idk I never used it

hm i want a screen recorder with no ui

obs!

terminal recorder

asciinema?

i want maim but for recordings

draw a box / click a region to start

keybind to stop

quicktime player can do that

blinkenlights