Hack The Box – Rope

This article contains my writeup on the machine Rope from Hack The Box. I really enjoyed the box, since it provides a total of three custom binaries, which are supposed to be exploited 🙂

The article is divided into the following parts:

User
    – Initial Recon
    – httpserver
    – Leak Memory Address
    – Exploit Format String Vulnerability
    – Escalating from john to r4j (readlogs)

Root
    – Local Recon
    – contact
    – Bruteforce
    – Libc Leak
    – Final Exploit

Continue reading “Hack The Box – Rope”

HACKvent19 writeup

This year’s HACKvent was hosted on the brand new Hacking-Lab 2.0 plattform. Each day from the 1st of december until the 24th a new challenge is published raising in difficulty. The flag format changed from HV18-xxxx-xxxx-xxxx-xxxx-xxxx to HV19{...}. After all I managed to solve all 28 challenges 🙂
Hidden
HV19.H1 Hidden One
HV19.H2 Hidden Two
HV19.H3 Hidden Three
HV19.H4 Hidden Four
Easy
HV19.01 censored
HV19.02 Triangulation
HV19.03 Hodor, Hodor, Hodor
HV19.04 password policy circumvention
HV19.05 Santa Parcel Tracking
HV19.06 bacon and eggs
HV19.07 Santa Rider
Medium
HV19.08 SmileNcryptor 4.0
HV19.09 Santas Quick Response 3.0
HV19.10 Guess what
HV19.11 Frolicsome Santa Jokes API
HV19.12 back to basic
HV19.13 TrieMe
HV19.14 Achtung das Flag
Hard
HV19.15 Santa’s Workshop
HV19.16 B0rked Calculator
HV19.17 Unicode Portal
HV19.18 Dance with me
HV19.19 U+1F385
HV19.20 i want to play a game
HV19.21 Happy Christmas 256
Leet
HV19.22 The command … is lost
HV19.23 Internet Data Archive
HV19.24 ham radio

Continue reading “HACKvent19 writeup”

Google CTF 2019 (Quals) – Quantum Key Distribution

This years online qualification for the Google Capture The Flag finals (ctftime.org) ran from 22/06/2019, 00:01 UTC to 23/06/2019 23:59 UTC.

As last year, there were plenty of diversified challenges, which were worked out very well.

I tried to take at least a look at as much challenges as possible and solved the challenge Quantum Key Distribution, which was relatively easy based on the amounts of solves. Within this article I want to share my writeup on this challenge.

The writeup is divided into the following sections:

Continue reading “Google CTF 2019 (Quals) – Quantum Key Distribution”

VolgaCTF 2019 Qualifier – Blind

The VolgaCTF 2019 Qualifier (ctftime.org) took place from 29/03/2019, 15:00 UTC to 31/03/2019 15:00 UTC.

There has been a really interesting RSA crypto challenge called Blind, which I would like to share with you in this writeup.

The article is divided into the following sections:

Challenge description
What does the script do?
Blind RSA Signature
Retrieving the Flag

Continue reading “VolgaCTF 2019 Qualifier – Blind”