/cyber-apocalypse-2024

Official writeups for Cyber Apocalypse CTF 2024: Hacker Royale


| Category | Name | Objective | Difficulty [⭐⭐⭐⭐⭐] |
| --- | --- | --- | --- |
| Crypto | Dynastic | Caesar cipher with increasing shift | |
| Crypto | Makeshift | Reverse a simple custom "encryption" algorithm | |
| Crypto | Primary Knowledge | RSA with prime n, which makes retrieving d trivial | |
| Crypto | Blunt | Numerically small p, resulting in solving the DLP easily | ⭐⭐ |
| Crypto | Iced Tea | Straightforward TEA cipher decryption | ⭐⭐ |
| Crypto | Arranged | GCD for p, rearrangement for b, notice point G has small order | ⭐⭐⭐ |
| Crypto | Partial Tenacity | Solve for n mod powers of 10 to recover alternate bits of p and q | ⭐⭐⭐ |
| Crypto | Permuted | DHKE in a symmetric group, solve the DLP for that specific group | ⭐⭐⭐⭐ |
| Crypto | Tsayaki | IV recovery in TEA-CBC mode, exploit equivalent keys attack | ⭐⭐⭐⭐ |
| Crypto | ROT128 | Find collisions in a custom hash consisting of linear operations | ⭐⭐⭐⭐⭐ |
| Forensics | An unusual sighting | SSH logs and bash history analysis | |
| Forensics | It Has Begun | Bash malware analysis | |
| Forensics | Urgent | EML analysis | |
| Forensics | Fake Boost | PowerShell-based malware analysis | ⭐⭐ |
| Forensics | Pursue The Tracks | MFT records and timeline analysis | ⭐⭐ |
| Forensics | Data Siege | Network analysis and traffic decryption | ⭐⭐⭐ |
| Forensics | Phreaky | SMTP exfiltration | ⭐⭐⭐ |
| Forensics | Confinement | Ransomware extraction from quarantine folder and data decryption | ⭐⭐⭐⭐ |
| Forensics | Game Invitation | Analysis of 3-stage malware based on macros and JavaScript | ⭐⭐⭐⭐ |
| Forensics | Oblique Final | R2R (Ready To Run) Stomping analysis | ⭐⭐⭐⭐⭐ |
| Misc | Character | Scripting an iteration | |
| Misc | Stop Drop and Roll | Scripting string manipulation | |
| Misc | Cubicle Riddle | Implement an algorithm for min, max values in Python bytecode | ⭐⭐ |
| Misc | Unbreakable | Abusing Python eval() and a blacklist bypass | ⭐⭐ |
| Misc | We're Pickle Phreaks | Escape from a pickle sandbox using an insecure imported module | ⭐⭐ |
| Misc | Colored Squares | Extract conditions from a Folders program and solve with Z3 | ⭐⭐⭐ |
| Misc | Quantum Conundrum | Implement Quantum Teleportation using CNOT and Hadamard gates | ⭐⭐⭐ |
| Misc | We're Pickle Phreaks Revenge | Escape from a pickle sandbox using builtin internal methods | ⭐⭐⭐ |
| Misc | Path of Survival | Parse a game map and implement Dijkstra's algorithm | ⭐⭐⭐⭐ |
| Misc | MultiDigilingual | Construct a polyglot of 6 different programming languages | ⭐⭐⭐⭐ |
| Pwn | Delulu | Format string vulnerability, overwriting variable | |
| Pwn | Tutorial | Integer overflow | |
| Pwn | Writing on the wall | Off-by-one overflow with strcmp bypass using null bytes | |
| Pwn | Pet companion | ret2csu exploitation in glibc-2.27 | ⭐⭐ |
| Pwn | Rocket Blaster XXX | ret2win exploitation technique with 3 arguments | ⭐⭐ |
| Pwn | Death Note | UAF vulnerability to leak libc | ⭐⭐⭐ |
| Pwn | Sound of Silence | Call gets to provide the parameter to system | ⭐⭐⭐ |
| Pwn | Maze of Mist | ret2vdso | ⭐⭐⭐⭐ |
| Pwn | Oracle | Libc leak via heap into shell duplicated to socket | ⭐⭐⭐⭐ |
| Pwn | Gloater | Partial overwrite to free and realloc tcache_perthread_struct | ⭐⭐⭐⭐⭐ |
| Rev | BoxCutter | strace | |
| Rev | LootStash | strings | |
| Rev | PackedAway | upx | |
| Rev | Crushing | File format parsing | ⭐⭐ |
| Rev | FollowThePath | Reverse self-decrypting Windows code | ⭐⭐⭐ |
| Rev | QuickScan | Fast automatic binary analysis | ⭐⭐⭐ |
| Rev | FlecksOfGold | C++ ECS reversing | ⭐⭐⭐⭐ |
| Rev | Metagaming | C++ metaprogramming/template VM reversing | ⭐⭐⭐⭐ |
| Rev | MazeOfPower | Solving a golang maze game via a backdoor | ⭐⭐⭐⭐⭐ |
| Web | Flag Command | Find the secret command in the JSON response and use it to get the flag | |
| Web | KORP Terminal | SQL injection to extract and crack bcrypt password hash | |
| Web | TimeKORP | Command injection | |
| Web | Labyrinth Linguist | Blind Java Velocity SSTI | ⭐⭐ |
| Web | Testimonial | gRPC to SSTI via file overwrite | ⭐⭐ |
| Web | LockTalk | HAProxy CVE-2023-45539 => python_jwt CVE-2022-39227 | ⭐⭐⭐ |
| Web | SerialFlow | Memcached injection into deserialization RCE with size limit | ⭐⭐⭐ |
| Web | Percetron | HTTP smuggling on HAProxy by abusing the WebSocket initiation response code to keep TCP open => curl Gopher SSRF => Malicious MongoDB TCP packet causing privilege escalation => Cypher injection through malicious X509 certificates => Undocumented command injection in @steezcram/sevenzip library | ⭐⭐⭐⭐ |
| Web | apexsurvive | Exploit a race condition in email verification to get access to an internal user, perform CSS injection to leak the CSRF token, then perform CSRF to exploit self HTML injection, hijack the service worker using DOM clobbering and steal the cookies; once admin, perform a PDF arbitrary file write and overwrite uwsgi.ini to get RCE | ⭐⭐⭐⭐⭐ |
| Hardware | BunnyPass | Default credentials on RabbitMQ | |
| Hardware | Maze | Navigate the filesystem of a printer | |
| Hardware | Rids | Read flash memory | ⭐⭐ |
| Hardware | The PROM | Read the extra memory of an EEPROM | ⭐⭐⭐ |
| Hardware | Flash-ing Logs | Flash memory | ⭐⭐⭐⭐ |
| Blockchain | Russian Roulette | Small brute force in a function call | |
| Blockchain | Recovery | Recover stolen BTC funds given an Electrum seed phrase | ⭐⭐ |
| Blockchain | Lucky Faucet | Integer underflow | ⭐⭐ |