Randomly decided to play DuCTF this weekend because I randomly noticed they had two Ruby challenges. The first one was moderately hard and pretty clever. The second one was hard with a capital H even for me a Rubyist; press F in the chat for the non-Rubyists because they had almost no chance of figuring it out. Will post a writeup next week describing my thought process, pitfalls, and protips.

I did get to use ronin on a few challenges. The ronin http --shell URL command came in handy for the web challenges that required sending special requests to a web server; unlike a web browser or curl, ronin http will not try to decode your pre-escaped path or query-params. For the network challenges that required writing some automated script, I got to use ronin/support/io_shell which adds a .shell method to all IO objects, so you can just do socket.shell in the middle or at the end of your Ruby script, and jump into an interactive netcat-like shell. Very handy.
#DUCTF #ductf2023 #ctf #ruby #ronin #roninrb

Was surfing the internet to find some #OSINT Challenge to kill time and found #ductf2023. Solved 4 OSINT challenge. It was a nice CTF especially challenge #faraday as this is a interesting challenge which requires JSON knowledge (luckily overpass turbo uses JSON and ChatGPT saves my day :)

Thanks @DownUnderCTF for holding such a great event :)