Cornell Spring Mini CTF Writeups
1 February, 2026
The Spring CTF concluded on January 31st, 2026 with 48 users and 1 unblooded challenge. Unlike the Fall mini CTF, this competition included challenges made by members of the CTF competition team. With NECCDC in the same month, I only managed to make 1 blind web challenge, and also a collection of OSINT challenges, which were mostly from my photo dump in Vietnam.
This blog post will contain the following challenges: ‘Under Construction’, ‘Drinks’, ‘Beautiful’, ‘🥥🍦’, ‘Food’, and ‘Ts class pmo’.
For other challenges, I will add them right under here when I receive them from the competition team.
With that being said, here are the writeups for my challs!
Web
Under Construction
2 solves
I thought of this challenge when I was in Vietnam, which was also when I had to do scripting and infra for the CCDC team, so I made this (what I thought) simple blind-web challenge.
The challenge started with this static web page and no given src
Looks boring. Let’s see what’s underneath by viewing the page source
We can immediately tell that this is running on React and Next.js. From a pentester standpoint, it is almost second nature to check for the version of the webpage’s server.
This can be done by adding the -I flag to curl, and this is the result of doing so.
Even if you didn’t know this existed, an nmap service scan with -sV will also reveal it. It’s even in one of the chunks, I think.
From there, it simply became another OSINT challenge. If you’ve been listening to security news for the past 2 months or have built web apps yourself, you have definitely heard of the critical CVE-2025-55182 / CVE-2025-66478, more commonly known as React2Shell. This 10.0 CVSS-scored vulnerability has affected thousands of websites since React.js with its server components has been a staple for many developers to use.
If you have figured it out this far, all that’s left is to find a Proof-of-Concept (PoC) that can exploit this vulnerability. I found this one to be effective.
Then reading the flag is trivial after getting shell.
ccy{Y0u_g0tta_r3ad_th3_CVEs_bruh_:wilted_rose:}
To those who asked why this challenge didn’t have an instancer as someone could’ve just rm -rf the whole container, I have already made it so you’re an unprivileged user in a read-only tmpfs root filesystem.
Honestly I wanted to write an actual challenge instead of this, but we’ll just have to wait for the next CTF.
OSINT
Now for everyone’s favorite part: OSINT! This semester, I spent a big chunk of my winter break in Vietnam. Had lots of food and drinks (definitely needed that) and went to a lot of cool places.
Drinks
18 solves
I had drinks here. Drinks were mid, view is ok. Find the google maps location of the coffee shop
e.g. ccy{343 Campus Rd, Ithaca, NY 14853}
If you look at the image as a whole, you wouldn’t be able to get much. Just a view of the beach and some people chilling. But if you zoom in on the right, you’ll see a weird sculpture on a piece of rock.
If you crop the photo onto the sculpture, you’ll see it’s the “Hòn Rù Rì” in Vũng Tàu, Vietnam. I’ve seen it falsely detect to stuff in Thailand or other places, but if you got lucky and did not fall into that rabbit hole, then you can easily identify where this was on Google Maps.
The coffee shop location added a little caveat to the problem. We can see that there is a bridge directly connecting the shop to the rock. This means that there is a direct path to the monument.
The flag then is:
ccy{1 Trần Phú, Phường 1, Vũng Tàu, Bà Rịa - Vũng Tàu 78000, Vietnam}
Beautiful
15 solves
Isn't the beach so beautiful. Find the google maps location
e.g. ccy{343 Campus Rd, Ithaca, NY 14853}
Honestly I expected much fewer solves for this challenge, as I thought it was just a random tunnel I found that led to a beautiful scene.
Turns out if you just put the second image into Google Images, it will spit out the correct address. Idk why I didn’t check for this when making this chall XD. The intended solve was to go around the coast of Vũng Tàu to find this tunnel. Oh well.
ccy{107 Trần Phú, Phường 5, Vũng Tàu, Bà Rịa - Vũng Tàu, Vietnam}
🥥🍦
14 solves
I love coconut ice cream. Find me the google maps address e.g. ccy{343 Campus Rd, Ithaca, NY 14853}
This challenge bumped up a tiny bit in difficulty. When directly putting this image into Google Images, nothing of interest really pops up. Just coconut ice cream near the coastline. You’d probably guess it’s Vietnam again and you’d be correct.
From there, you could just look around the coastline for the place — perfectly valid.
Another solution path is to realize the facebook post that pops up when looking up the image. The view does look the same as the challenge image, except at a slightly different angle. This turns out to be an advertisement post for the store, CocoDeli.
The flag is then obvious from there
ccy{154A Hạ Long, Phường 2, Vũng Tàu, Bà Rịa - Vũng Tàu 78000, Vietnam}
Food
5 solves
O NOM NOM NOM NOM. Find the google maps location
e.g. ccy{343 Campus Rd, Ithaca, NY 14853}
This is where the challenges got difficult. A Google Images search on the first photo would reveal that the food I was eating was called bánh khọt. If you noticed, there were either shrimps or squids there also, which in Vietnamese would be tôm or mực, respectively. Creatively, the full name of that dish is bánh khọt tôm or bánh khọt mực.
However, a problem quickly arises: there are too many places that sell that food in the area. You could go through all of the stores that sell the food — nothing wrong with that — but there are better ways to do this.
Looking at the second picture, you might have noticed that the store is located on a small road (You could see the car and refer to that). That’s a big hint as a lot of the stores are tourism traps, which are usually out on the open roads.
There is also something subtle in the picture that some might have missed, and that is the numerical address. If you zoom in to the middle-right side of the picture, you’ll see the number “11”. This means that our store is probably numbered from 8-14 (depends on the direction).
From there, it is quite easy to determine which one it is. There are only, like, 3-4 stores that fit all requirements, and this was the one I was looking for.
ccy{8B Lương Văn Can, Phường 2, Vũng Tàu, Bà Rịa - Vũng Tàu, Vietnam}
Ts class pmo
Whyyy do I have to take this class? Whyyy is it required for me. Flag is ccy{Class} e.g. ccy{CS1110}
I got the most amount of backlash for this challenge, saying that this is practically impossible, given the limited 5 attempts to solve. Here was my thought process on the solve for this challenge.
Finding my major
In order to find out which class this was, the first step should be to find out what major I am. The people who knew me would remember that I’m a Chemical Engineer. Surprisingly, only 1 out of the 5 people who solved this chall knew who I was. This would, of course, give an unfair advantage, so I also mentioned it in the Cornell University public Discord Server
Finding the class
Okay, that reduces it down a bit. But what type of class should I be looking for? The hint did mention that it was a required class, so electives and upper level classes are out of the picture. But there are still so many classes to choose from.
Looking up the TAs
We see in the picture that Angel and Lara are passing back the exams. If you looked up “Angel Cornell Chemical Engineering” and “Lara Cornell Chemical Engineering” then you would find hits with both of them being seniors.
A “leap” of logic
A small jump in logic here is required. Seeing how both TAs are ChemE seniors, this is most likely a class full of ChemEs. From there, it’s very easy to deduce which class it is. If you found any of my socials — either Instagram or Linkedin or even in the Discord servers — you would know that I’m a class of ‘28. This means that I am currently a sophomore in semester 4 in 2026. Which leaves the only class which could be filled with ChemE’s EngrD2190 from the ChemE flowchart.
Thus the flag is:
ccy{EngrD2190}
Thanks for reading this blog, it was quite fun making it.