Skip to main content

19 posts tagged with "Cyber Security"

View All Tags

· 5 min read

This is a writeup for the Key Mission challenge, part of the Hack the box's Cyberapocalypse CTF 2021, category Forensics.


The secretary of earth defense has been kidnapped. We have sent our elite team on the enemy's base to find his location. Our team only managed to intercept this traffic. Your mission is to retrieve secretary's hidden location.

· 2 min read

This is a writeup for the CaaS challenge, part of the Hack the box's Cyberapocalypse CTF 2021, category Web.


cURL As A Service or CAAS is a brand new Alien application, built so that humans can test the status of their websites. However, it seems that the Aliens have not quite got the hang of Human programming and the application is riddled with issues.

· 4 min read

Well, here we go. This was the very first CTF event that I took part of while it was happening, and I'm quite proud of my results!

Most importantly, almost every challenge that I finished taught me a bunch of new concepts and techniques, and showcased what can be expected in the field of hunting vulnerabilities.

By the end of the 5-day ordeal I got to 357th place out of 4740 teams and more than 9500 players, and I'm very satisfied with such an outcome from my very first event of this type.

But, as I can now see, the learning process continues even after the event, in the form of writing write-ups! The much more level-headed approach of trying to explain and follow the process of finding the flags means that I get to see my ideas and techniques in a new light, and organise the tools and concepts much better.

Reading write-ups is also indisplensable, as there were quite a few other challenges that I was sure I was very near to solving, but never found out what I was missing. Reading other people's write-ups allowed me to see what I was did right or wrong, and how to improve on that.

So I hope you get that from reading these write-ups as well, and learn a few things from them, or at least see an another approach to solving the same problem.


Category Web

Inspector Gadget - Cyberapocalypse 2021 CTF

An easy warm-up challenge in the style of a scavenger hunt

CaaS - Cyberapocalypse 2021 CTF

Exploiting curl running locally on the host, to get local file inclusion

miniSTRypalace - Cyberapocalypse 2021 CTF

Showcasing the importance of white-listing instead of black-listing commands and strings inside PHP

BlitzProp - Cyberapocalypse 2021 CTF

Exploring the interesting concept ot AST injection and prototype pollution, resulting in remote code exectution. And all of that because we use the wrong version of a library in node

E.Tree - Cyberapocalypse 2021 CTF

Blind XPATH injection with a slight twist

Wild goose hunt - Cyberapocalypse 2021 CTF

A challenge showcasing the weakness of improper handling of mongo queries

Emoji Voting - Cyberapocalypse 2021 CTF

This fun challenge showcases blind SQL injection inside of an ORDER BY clause

Category Reverse

Passphrase - Cyberapocalypse 2021 CTF

A simple reverse-engineering challenge invoving stringcompare

Authenticator - Cyberapocalypse 2021 CTF

Reverse-engineering a binary, involving both stringcompare and a bit of XOR magic

Category Forensics

Key Mission - Cyberapocalypse 2021 CTF

Having fun with USB Human Interface Devices, namely a keyboard. The twist was having to deal with the Shift key

Category Crypto

Nintendo Base64 - Cyberapocalypse 2021 CTF

An easy warm-up cryptography challenge, dealing with multilayered base64 encoding and obfuscation

Soulcrabber - Cyberapocalypse 2021 CTF

A challenge written in Rust, showcasing using known seeds for pseudo-random number generators

Phasestream 1- Cyberapocalypse 2021 CTF

The first challenge of this series showcased XOR encryption with a 5-byte key

Phasestream 2 - Cyberapocalypse 2021 CTF

Still on the topic of XOR, this time using a 1-byte key, but hiding the real flag in a list of 9999 different strings

Phasestream 3 - Cyberapocalypse 2021 CTF

A challenge showcasing the devastating effects of reusing keystreams in AES encryption

Phasestream 4 - Cyberapocalypse 2021 CTF

A direct follow-up of the previous challenge, introducing a bit of a guessing game

Category Misc

Alien Camp - Cyberapocalypse 2021 CTF

A fun scripting challenge involving the automatic handling of nc based services

Input as a Service - Cyberapocalypse 2021 CTF

input() in python2.x is scary by default

· 3 min read

This is a writeup for the Alien Camp challenge, part of the Hack the box's Cyberapocalypse CTF 2021, category Misc.


The Ministry of Galactic Defense now accepts human applicants for their specialised warrior unit, in exchange for their debt to be erased. We do not want to subject our people to this training and to be used as pawns in their little games. We need you to answer 500 of their questions to pass their test and take them down from the inside.

· 5 min read

This is a writeup for the Authenticator challenge, part of the Hack the box's Cyberapocalypse CTF 2021, category Reverse.


We managed to steal one of the extraterrestrials' authenticator device. If we manage to understand how it works and get their credentials, we may be able to bypass all of their security locked doors and gain access everywhere!