https://john-jkar.github.io/myblog/tags/misc/Recent content in Misc on 4mN3s14 | CTF Player & StudentHugoen-usMon, 02 Mar 2026 00:00:00 +0000https://john-jkar.github.io/myblog/posts/pyjs/Mon, 02 Mar 2026 00:00:00 +0000https://john-jkar.github.io/myblog/posts/pyjs/<h1 id="pyjs--daily-alpacahack-writeup">pyjs — Daily Alpacahack Writeup</h1> <p><strong>CTF</strong>: AlpacaHack / SECCON<br> <strong>Category</strong>: Misc<br> <strong>Difficulty</strong>: Hard<br> <strong>Author</strong>: minaminao</p> <h2 id="challenge">Challenge</h2> <p>We connect to a server running this code:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-python" data-lang="python"><span style="display:flex;"><span><span style="color:#f92672">import</span> subprocess </span></span><span style="display:flex;"><span>code <span style="color:#f92672">=</span> input(<span style="color:#e6db74">&#34;Enter your code: &#34;</span>) </span></span><span style="display:flex;"><span>res1 <span style="color:#f92672">=</span> subprocess<span style="color:#f92672">.</span>run([<span style="color:#e6db74">&#34;runuser&#34;</span>, <span style="color:#e6db74">&#34;-u&#34;</span>, <span style="color:#e6db74">&#34;nobody&#34;</span>, <span style="color:#e6db74">&#34;--&#34;</span>, <span style="color:#e6db74">&#34;python3&#34;</span>, <span style="color:#e6db74">&#34;-c&#34;</span>, code], capture_output<span style="color:#f92672">=</span><span style="color:#66d9ef">True</span>) </span></span><span style="display:flex;"><span><span style="color:#66d9ef">assert</span> res1<span style="color:#f92672">.</span>returncode <span style="color:#f92672">==</span> <span style="color:#ae81ff">0</span> <span style="color:#f92672">and</span> res1<span style="color:#f92672">.</span>stdout<span style="color:#f92672">.</span>strip() <span style="color:#f92672">==</span> <span style="color:#e6db74">b</span><span style="color:#e6db74">&#34;I LOVE ALPACA&#34;</span> </span></span><span style="display:flex;"><span>res2 <span style="color:#f92672">=</span> subprocess<span style="color:#f92672">.</span>run([<span style="color:#e6db74">&#34;runuser&#34;</span>, <span style="color:#e6db74">&#34;-u&#34;</span>, <span style="color:#e6db74">&#34;nobody&#34;</span>, <span style="color:#e6db74">&#34;--&#34;</span>, <span style="color:#e6db74">&#34;node&#34;</span>, <span style="color:#e6db74">&#34;-e&#34;</span>, code], capture_output<span style="color:#f92672">=</span><span style="color:#66d9ef">True</span>) </span></span><span style="display:flex;"><span><span style="color:#66d9ef">assert</span> res2<span style="color:#f92672">.</span>returncode <span style="color:#f92672">==</span> <span style="color:#ae81ff">0</span> <span style="color:#f92672">and</span> res2<span style="color:#f92672">.</span>stdout<span style="color:#f92672">.</span>strip() <span style="color:#f92672">==</span> <span style="color:#e6db74">b</span><span style="color:#e6db74">&#34;I LOVE SECCON&#34;</span> </span></span><span style="display:flex;"><span>print(<span style="color:#e6db74">&#34;Wow... Alpaca</span><span style="color:#e6db74">{REDACTED}</span><span style="color:#e6db74">&#34;</span>) </span></span></code></pre></div><p><strong>Goal</strong>: Submit a single line of code that prints <code>I LOVE ALPACA</code> when run as Python and <code>I LOVE SECCON</code> when run as Node.js.</p>https://john-jkar.github.io/myblog/posts/missing-cursor/Fri, 20 Feb 2026 06:00:00 +0000https://john-jkar.github.io/myblog/posts/missing-cursor/<h1 id="dancing-cursor--daily--alpacahack-writeup">Dancing Cursor — Daily Alpacahack Writeup</h1> <p><strong>Challenge:</strong> Dancing Cursor<br> <strong>Category:</strong> Rev / Misc<br> <strong>Difficulty:</strong> Medium</p> <h2 id="the-challenge">The Challenge</h2> <p>We&rsquo;re handed a single command:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>echo SGVyZSBpcyB0aGUgZmxhZzo... | base64 -d </span></span></code></pre></div><p>Running it in a terminal flashes the message:</p> <pre tabindex="0"><code>Here is the flag: Xiqxox{==============================================} ... but it has been wiped away. </code></pre><p>Clearly <code>Xiqxox{===}</code> is a decoy. The real flag was written and then erased before we could see it.</p> <h2 id="understanding-the-trick">Understanding the Trick</h2> <p>Decoding the base64 gives raw bytes that are mostly <strong>ANSI terminal escape sequences</strong>. The structure is:</p>