new posts yippie

Author: Slavetomints

_posts/2025-10-15-diver-osint-ctf-25-afghanistan.md

@@ -0,0 +1,35 @@
+---
+title: Afghanistan
+date: 2025-10-15
+categories:
+  - Capture The Flags
+  - Diver OSINT CTF 2025
+tags:
+  - ctf
+  - diver osint ctf 2025
+  - osint
+  - writeups
+description: Diver OSINT CTF 2025 Afghanistan Challenge
+---
+
+
+> Challenge description:
+>
+>When and where was the photo shown at 65-67 seconds in this video taken?
+Flag format: Diver25{location name_YYYY-MM-DD} (location name should be in English)
+For example, if it was taken at Camp Darby on June 5, 2025, it would be Diver25{Camp Darby_2025-06-05}.
+{: .prompt-info }
+
+okay, so the photo we're looking for is this:
+![two soldiers playing basketball](/assets/img/diver25/afghanistan/basketball.png)
+
+And after throwing the image into Google images, we were able to find this link: `https://www.gettyimages.com/detail/news-photo/two-us-soldiers-from-1st-infantry-division-play-a-game-of-news-photo/1248038111`
+
+![the getty images site](/assets/img/diver25/afghanistan/getty-images.png)
+
+The site even provides a description of the photo too!
+> TOPSHOT - Two US soldiers from 1st Infantry Division play a game of basketball at ISAF's Camp Bostick in Naray, in Afghanistan's eastern Kunar province on April 16, 2009. The ISAF deployment numbers more than 58,000 troops from 42 countries, according to its latest information. It works alongside a US-led coalition that is estimated to number around 10,000 although the figure is not public. AFP PHOTO/LIU Jin (Photo by LIU JIN / AFP) (Photo by LIU JIN/AFP via Getty Images)
+
+Following the flag format, let's submit the flag!
+
+FLAG: `Diver25{Camp Bostick_2009-04-16}`

_posts/2025-10-15-picoctf-rust-fixme-3.md

@@ -0,0 +1,157 @@
+---
+title: Rust fixme 3
+date: 2025-08-19
+categories: [Capture The Flags, picoCTF]
+tags: [ctf, picoctf, general skills, writeups]
+description: picoCTF Rust fixme 3 Challenge
+---
+		
+
+> Challenge description:
+>
+>Have you heard of Rust? Fix the syntax errors in this Rust file to print the flag!
+{: .prompt-info }
+
+Alright, this is the final one of the Rust fixme series (as of yet), so let's dissect this one now.
+
+```terminal
+❯ cargo run
+   Compiling crossbeam-utils v0.8.20
+   Compiling rayon-core v1.12.1
+   Compiling either v1.13.0
+   Compiling crossbeam-epoch v0.9.18
+   Compiling crossbeam-deque v0.8.5
+   Compiling rayon v1.10.0
+   Compiling xor_cryptor v1.2.3
+   Compiling rust_proj v0.1.0 (/picoCTF/rust-fixme-3/fixme3)
+error[E0133]: call to unsafe function `std::slice::from_raw_parts` is unsafe and requires unsafe function or block
+  --> src/main.rs:31:31
+   |
+31 |         let decrypted_slice = std::slice::from_raw_parts(decrypted_ptr, decrypted_len);
+   |                               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ call to unsafe function
+   |
+   = note: consult the function's documentation for information on how to avoid undefined behavior
+
+For more information about this error, try `rustc --explain E0133`.
+error: could not compile `rust_proj` (bin "rust_proj") due to 1 previous error
+```
+
+```rust
+use xor_cryptor::XORCryptor;
+
+fn decrypt(encrypted_buffer: Vec<u8>, borrowed_string: &mut String) {
+    // Key for decryption
+    let key = String::from("CSUCKS");
+
+    // Editing our borrowed value
+    borrowed_string.push_str("PARTY FOUL! Here is your flag: ");
+
+    // Create decryption object
+    let res = XORCryptor::new(&key);
+    if res.is_err() {
+        return;
+    }
+    let xrc = res.unwrap();
+
+    // Did you know you have to do "unsafe operations in Rust?
+    // https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html
+    // Even though we have these memory safe languages, sometimes we need to do things outside of the rules
+    // This is where unsafe rust comes in, something that is important to know about in order to keep things in perspective
+
+    // unsafe {
+        // Decrypt the flag operations
+        let decrypted_buffer = xrc.decrypt_vec(encrypted_buffer);
+
+        // Creating a pointer
+        let decrypted_ptr = decrypted_buffer.as_ptr();
+        let decrypted_len = decrypted_buffer.len();
+
+        // Unsafe operation: calling an unsafe function that dereferences a raw pointer
+        let decrypted_slice = std::slice::from_raw_parts(decrypted_ptr, decrypted_len);
+
+        borrowed_string.push_str(&String::from_utf8_lossy(decrypted_slice));
+    // }
+    println!("{}", borrowed_string);
+}
+
+fn main() {
+    // Encrypted flag values
+    let hex_values = ["41", "30", "20", "63", "4a", "45", "54", "76", "12", "90", "7e", "53", "63", "e1", "01", "35", "7e", "59", "60", "f6", "03", "86", "7f", "56", "41", "29", "30", "6f", "08", "c3", "61", "f9", "35"];
+
+    // Convert the hexadecimal strings to bytes and collect them into a vector
+    let encrypted_buffer: Vec<u8> = hex_values.iter()
+        .map(|&hex| u8::from_str_radix(hex, 16).unwrap())
+        .collect();
+
+    let mut party_foul = String::from("Using memory unsafe languages is a: ");
+    decrypt(encrypted_buffer, &mut party_foul);
+}
+```
+
+Okay, so it looks like our issue here is explained in the comments `calling an unsafe function that dereferences a raw pointer`. In Rust, when you do unsafe things with the language, you should include them within a `unsafe` block. Thankfully for us, the block is simply commented out, and we can remove the comments to make the program work again.
+
+Our fixed source code should look like the following:
+
+```rust
+use xor_cryptor::XORCryptor;
+
+fn decrypt(encrypted_buffer: Vec<u8>, borrowed_string: &mut String) {
+    // Key for decryption
+    let key = String::from("CSUCKS");
+
+    // Editing our borrowed value
+    borrowed_string.push_str("PARTY FOUL! Here is your flag: ");
+
+    // Create decryption object
+    let res = XORCryptor::new(&key);
+    if res.is_err() {
+        return;
+    }
+    let xrc = res.unwrap();
+
+    // Did you know you have to do "unsafe operations in Rust?
+    // https://doc.rust-lang.org/book/ch19-01-unsafe-rust.html
+    // Even though we have these memory safe languages, sometimes we need to do things outside of the rules
+    // This is where unsafe rust comes in, something that is important to know about in order to keep things in perspective
+
+    unsafe {
+        // Decrypt the flag operations
+        let decrypted_buffer = xrc.decrypt_vec(encrypted_buffer);
+
+        // Creating a pointer
+        let decrypted_ptr = decrypted_buffer.as_ptr();
+        let decrypted_len = decrypted_buffer.len();
+
+        // Unsafe operation: calling an unsafe function that dereferences a raw pointer
+        let decrypted_slice = std::slice::from_raw_parts(decrypted_ptr, decrypted_len);
+
+        borrowed_string.push_str(&String::from_utf8_lossy(decrypted_slice));
+    }
+    println!("{}", borrowed_string);
+}
+
+fn main() {
+    // Encrypted flag values
+    let hex_values = ["41", "30", "20", "63", "4a", "45", "54", "76", "12", "90", "7e", "53", "63", "e1", "01", "35", "7e", "59", "60", "f6", "03", "86", "7f", "56", "41", "29", "30", "6f", "08", "c3", "61", "f9", "35"];
+
+    // Convert the hexadecimal strings to bytes and collect them into a vector
+    let encrypted_buffer: Vec<u8> = hex_values.iter()
+        .map(|&hex| u8::from_str_radix(hex, 16).unwrap())
+        .collect();
+
+    let mut party_foul = String::from("Using memory unsafe languages is a: ");
+    decrypt(encrypted_buffer, &mut party_foul);
+}
+```
+
+So lets run it again now!
+
+```terminal
+❯ cargo run
+   Compiling rust_proj v0.1.0 (/picoCTF/rust-fixme-3/fixme3)
+    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.08s
+     Running `/picoCTF/rust-fixme-3/fixme3/target/debug/rust_proj`
+Using memory unsafe languages is a: PARTY FOUL! Here is your flag: picoCTF{n0w_y0uv3_f1x3d_1h3m_411}
+```
+
+FLAG: `picoCTF{n0w_y0uv3_f1x3d_1h3m_411}`

_posts/2025-10-16-diver-osint-ctf-2025-hidden-service.md

@@ -0,0 +1,43 @@
+---
+title: hidden_service
+date: 2025-10-15
+categories:
+  - Capture The Flags
+  - Diver OSINT CTF 2025
+tags:
+  - ctf
+  - diver osint ctf 2025
+  - osint
+  - writeups
+description: Diver OSINT CTF 2025 hidden_service Challenge
+image: /assets/img/diver25/hidden-service/hidden_service.jpg
+show_image: false
+---
+
+
+> Challenge description:
+>
+>See the attached file and capture the flag!
+{: .prompt-info }
+
+Okay, let's take a look at this file now:
+
+![crumpled paper showing a .onion link](/assets/img/diver25/hidden-service/hidden_service.jpg)
+
+Okay! This one should hopefully be easy. All we see is a URL, but this one is special
+
+Let's quickly break down how URL's look using this one: `https://example.com`
+
+The `https` part, that is the part before the `://` specifies the protocol to use. After that part is the domain name, which is `onion` in our case. And finally, we have the Top Level Domain, or TLD. That's the `.com` part at the end.
+
+This link, however, has a `.onion` TLD, which is a special TLD I'll let Wikipedia do the talking here:
+
+> .onion is a special-use top-level domain name designating an anonymous onion service, which was formerly known as a "hidden service", reachable via the Tor network. Such addresses are not actual DNS names, and the .onion TLD is not in the Internet DNS root, but with the appropriate proxy software installed, Internet programs such as web browsers can access sites with .onion addresses by sending the request through the Tor network.
+{: .prompt-info}
+
+We can access the site using Tor, which is a browser that connects to the Tor network. and when we do, our flag is there.
+
+![the flag](/assets/img/diver25/hidden-service/flag.png)
+*While true that many "Dark Web" sites use Tor to remain anonymous, the mere fact of using Tor doesn't make you a criminal. Journalists and privacy enthusiasts also use it for its privacy features.*
+
+FLAG: `Diver25{w3lc0m3_70_d4rkw3b!}`