About This Blog.

Posted on 08 Jul 2019 by Aadi Bajpai

Last updated 02 Mar 2020 at 8:55 am
permalink
Pinned post

Hello

I'm not going to write anymore on my Medium (too much pay to play), and this is where new posts will be published.

I love this blog, although it is a relative pain to maintain, purely because of this retro vibe it has going on.

It is pretty formal as well, which is how I imagine myself writing (all hunched over a typewriter by candlelight lol).

The source code of this blog is at https://github.com/aadibajpai/blog. It is composed solely of linux utilities and I am a Windows pleb unfortunately. This meant configuring a lot of stuff to work with wsl and figuring out how to run the Windows Sublime Text program from inside wsl to create and edit posts like this one. Previously, I used to actually ssh into a linux server just to run the blog, that's how much I like it.

This also serves as a test blog post.

Lorem Ipsum or whatever.

import __hello__ # This should be inline code

Now, let's try a code block.

from __future__ import braces
import antigravity
# A few Python easter eggs and also an example of a code block

italics and bold

Thanks for visiting, stay to read a couple of posts :)

If you have something to say about this blog (appreciation appreciated, criticism appreciated even more not really) then please go ahead and contact me at [email protected]

castorsCTF 2020 Writeups

Posted on 01 Jun 2020 by Aadi Bajpai

Last updated 16 Jun 2020 at 12:00 am
permalink

My CTF team Pwnzorz recently won castorsCTF20 🥳

Here are the writeups for the challenges I did for verification. I've tried to go into detail where possible but feel free to hit me up for a clarification if you don't understand what I did or the thought process, which, in my opinion, is the most important part of solving a challenge.

Let's get started.

Read the entire post

WPICTF 2020 Writeup(s)

Posted on 20 Apr 2020 by Aadi Bajpai

Last updated 20 Apr 2020 at 7:13 pm
permalink

A couple of days ago, me and a couple of other GCI winners decided to participate in the WPI CTF out of quarantine boredness, we ended up finishing #14 which I think was pretty great since we were all just doing it for fun.

This is a writeup for the Luna steganography challenge, because that's the one I found the most interesting.

Luna

They say the full moon makes people go crazy... hopefully this stego won't have the same effect on you!

Luna

So as you see, we start off with a Luna.tar.xz file which on decompressing gives a Luna.tar file which on further unzipping gives a file named 1.png and a zipped folder with two password protected files—Just In Case.png and jut.

Clearly, we're supposed to start out with 1.png which in looks is nothing but an all white image.

1.png

I ran the stegoveritas tool on it to examine further and it printed a lot of metadata and exif info and carved out a couple of .zlib files. Interestingly, the metadata had 2 fields that stood out:

  1. StudyPhysician: awcIsALegendAndIHopeThisIsAStrongPasswordJackTheRipperBegone
  2. Description: oops, all #FFD2A4#

From the first, we have our password! The jut file seemed absolute gibberish while Just In Case.png was a screenshot from gimp.

Just In Case

Looking at jut from a hex editor, the first 3 characters were interesting: BPS

Upon googling, a .bps file is one used to patch ROMs on SNES emulators and stuff so I downloaded Flips, a patcher for BPS files.

I tried to patch jut on 1.png but welp, no dice.

Circling back, we hadn't yet used the 2nd line from metadata nor Just In Case.png so it has to do something with those.

Read the entire post

How To Google Code-in

Posted on 12 Jul 2019 by Aadi Bajpai

Last updated 15 Jun 2020 at 8:40 pm
permalink

June 2020 (and probably final) edit: Google Code-in has now been discontinued.

As much as I'd like to say my disappointment is immeasurable and my day has been ruined, I'm just grateful for the amazing people I got to meet and the fun stuff I got to do directly or indirectly through the program. If you're reading this in expectation of GCI, I wish you luck in your endeavours :)

Ultimately, here is a testimonial from Dylan Iskandar, GCI GPW 2019:

ngl tho that article saved my ass


I originally wrote this way back in early 2018 but it's still valid today.

Googleplex - where the winners go

If you read this in time for Code-in 2019 and are aged between 13 to 17, you might be in luck, for this post might just help you out. It would’ve made it easier for me too, if this existed before I won. I list some pro tips that I feel would be useful in order to fully experience GCI.

The aim of the contest is to simply encourage young developers to get started with open-source. Interestingly, unlike other contests, not everyone participates in GCI to truly win. Yes, I hear you, the Grand Prize is an all expenses paid 4 days trip to fucking Googleplex and here you see me saying some people don’t really concentrate on that. It is true though, a participant can approach Code-in two ways-

  1. Quickly complete 3 noob tasks (including 2 beginner tasks) which guarantees you a Google Code-in t-shirt and call it quits. It’s that simple, you could do that in just a day.

  2. Work constantly through the 7 weeks and go all in hoping for the big prize.

Unsurprisingly, most people go with the first option. Google Code-in 2017 had 3555 students who completed 16468 tasks. That averages to a bit over 4 tasks per student. (I did 21 - and that’s just the tasks I could claim)

Read the entire post