Well, here we go. This was the very first CTF event that I took part in while it was happening, and I'm quite proud of my results!
Most importantly, almost every challenge that I finished taught me a bunch of new concepts and techniques, and showcased what can be expected in the field of hunting vulnerabilities.
By the end of the 5-day ordeal I got to 357th place out of 4740 teams and more than 9500 players, and I'm very satisfied with such an outcome from my very first event of this type.
But, as I can now see, the learning process continues even after the event, in the form of writing write-ups! The much more level-headed approach of trying to explain and follow the process of finding the flags means that I get to see my ideas and techniques in a new light, and organise the tools and concepts much better.
Reading write-ups is also indispensable, as there were quite a few other challenges that I was sure I was very near to solving, but never found out what I was missing. Reading other people's write-ups allowed me to see what I did right or wrong, and how to improve on that.
So I hope you get that from reading these write-ups as well, and learn a few things from them, or at least see another approach to solving the same problem.
Enjoy!
Category Web
Inspector Gadget - Cyberapocalypse 2021 CTF
An easy warm-up challenge in the style of a scavenger hunt
CaaS - Cyberapocalypse 2021 CTF
Exploiting curl running locally on the host, to get local file inclusion
miniSTRypalace - Cyberapocalypse 2021 CTF
Showcasing the importance of white-listing instead of black-listing commands and strings inside PHP
BlitzProp - Cyberapocalypse 2021 CTF
Exploring the interesting concept of AST injection and prototype pollution, resulting in remote code execution. And all of that because we use the wrong version of a library in node
E.Tree - Cyberapocalypse 2021 CTF
Blind XPATH injection with a slight twist
Wild goose hunt - Cyberapocalypse 2021 CTF
A challenge showcasing the weakness of improper handling of mongo queries
Emoji Voting - Cyberapocalypse 2021 CTF
This fun challenge showcases blind SQL injection inside of an ORDER BY clause
Category Reverse
Passphrase - Cyberapocalypse 2021 CTF
A simple reverse-engineering challenge involving stringcompare
Authenticator - Cyberapocalypse 2021 CTF
Reverse-engineering a binary, involving both stringcompare and a bit of XOR magic
Category Forensics
Key Mission - Cyberapocalypse 2021 CTF
Having fun with USB Human Interface Devices, namely a keyboard. The twist was having to deal with the Shift key
Category Crypto
Nintendo Base64 - Cyberapocalypse 2021 CTF
An easy warm-up cryptography challenge, dealing with multilayered base64 encoding and obfuscation
Soulcrabber - Cyberapocalypse 2021 CTF
A challenge written in Rust, showcasing using known seeds for pseudo-random number generators
Phasestream 1 - Cyberapocalypse 2021 CTF
The first challenge of this series showcased XOR encryption with a 5-byte key
Phasestream 2 - Cyberapocalypse 2021 CTF
Still on the topic of XOR, this time using a 1-byte key, but hiding the real flag in a list of 9999 different strings
Phasestream 3 - Cyberapocalypse 2021 CTF
A challenge showcasing the devastating effects of reusing keystreams in AES encryption
Phasestream 4 - Cyberapocalypse 2021 CTF
A direct follow-up of the previous challenge, introducing a bit of a guessing game
Category Misc
Alien Camp - Cyberapocalypse 2021 CTF
A fun scripting challenge involving the automatic handling of nc-based services
Input as a Service - Cyberapocalypse 2021 CTF
input() in python2.x is scary by default
Thank you for reading!