software, offensive security research
HackyEaster was awesome again. From a technical point of view there weren’t too much new things, but the creativity of the provided challenges made it really fun. Including the little teaser challenge there were a total amount of 37 challenges. These challenges were divided into different levels. You could only proceed to the next level, if you have earned enough points in the current level. I really liked that new idea.
Continue reading “Hacky Easter 2021 writeup” |
This year’s HACKvent hosted on competition.hacking-lab.com has been as great as every year. There was a total amount of 28 awesome challenges with varying difficulties. |
 |
This year’s HACKvent was hosted on the brand new Hacking-Lab 2.0 plattform. Each day from the 1st of december until the 24th a new challenge is published raising in difficulty. The flag format changed from HV18-xxxx-xxxx-xxxx-xxxx-xxxx to HV19{...}. After all I managed to solve all 28 challenges 🙂 |
 |
Hidden |
| HV19.H1 Hidden One HV19.H2 Hidden Two HV19.H3 Hidden Three HV19.H4 Hidden Four |
|
 |
Easy |
| HV19.01 censored HV19.02 Triangulation HV19.03 Hodor, Hodor, Hodor HV19.04 password policy circumvention HV19.05 Santa Parcel Tracking HV19.06 bacon and eggs HV19.07 Santa Rider |
|
 |
Medium |
| HV19.08 SmileNcryptor 4.0 HV19.09 Santas Quick Response 3.0 HV19.10 Guess what HV19.11 Frolicsome Santa Jokes API HV19.12 back to basic HV19.13 TrieMe HV19.14 Achtung das Flag |
|
 |
Hard |
| HV19.15 Santa’s Workshop HV19.16 B0rked Calculator HV19.17 Unicode Portal HV19.18 Dance with me HV19.19 U+1F385 HV19.20 i want to play a game HV19.21 Happy Christmas 256 |
|
 |
Leet |
| HV19.22 The command … is lost HV19.23 Internet Data Archive HV19.24 ham radio |
|
 |
As every year hacking-lab.com carried out the annual Hacky Easter event with 27 challenges. As usual the variety of the challenges was awesome. I actually got full score this year 🙂 Many thanks to daubsi, who gave me a nudge once in a while on the last challenges (you can find his writeup here). |
 |
Easy |
|
01 Twisted 02 Just Watch 03 Sloppy Encryption 04 Disco 2 05 Call for Papers 06 Dots 07 Shell we Argument 08 Modern Art 09 rorriM rorriM |
|
 |
Medium |
|
10 Stackunderflow 11 Memeory 2.0 12 Decrypt0r 13 Symphony in HEX 14 White Box 15 Seen in Steem 16 Every-Thing 17 New Egg Design 18 Egg Storage |
|
 |
Hard |
|
19 CoUmpact DiAsc 20 Scrambled Egg 21 The Hunt: Misty Jungle 22 The Hunt: Muddy Quagmire 23 The Maze 24 CAPTEG |
|
 |
Hidden |
|
25 Hidden Egg #1 26 Hidden Egg #2 27 Hidden Egg #3 |
|
For the sixth time in a row now hacking-lab.com carried out the annual HACKvent. Each day from the 1st of december until the 24th a new challenge is published. I would have loved to spend more time on it, but time is a rare resource especially on the days before christmas 😉 After all I managed to solve 21 of 24 tasks:
 |
Easy |
| Day 01: Just Another Bar Code Day 02: Me Day 03: Catch me Day 04: pirating like in the 90ies Day 05: OSINT 1 Day 06: Mondrian Day 07: flappy.pl |
|
 |
Medium |
| Day 08: Advent Snail Day 09: fake xmass balls Day 10: >_ Run, Node, Run Day 11: Crypt-o-Math 3.0 Day 12: SmartWishList Day 13: flappy’s revenge Day 14: power in the shell |
|
 |
Hard |
| Day 15: Watch Me Day 16: Pay 100 Bitcoins Day 17: Faster KEy Exchange Day 18: Be Evil Day 19: PromoCode Day 20: I want to play a game Day 21: muffinCTF (Day 1) Day 22: muffinCTF (Day 2) Day 23: muffinCTF (Day 3) |
|
 |
Final |
| Day 24: Take the red pill, take the blue pill | |
|
As every year hacking-lab.com carried out the annual Hacky Easter event with 27 challenges. I could not spend as much time as I would have liked to on solving the challenges, but after all I managed to collect 25 of the 27 eggs and focused on this writeup. |
 |
Easy |
|
01 Prison Break 02 Babylon 03 Pony Coder 04 Memeory 05 Sloppy & Paste (mobile) 06 Cooking for Hackers 07 Jigsaw 08 Disco Egg 09 Dial Trial (mobile) |
|
 |
Medium |
|
10 Level Two 11 De Egg you must (not solved) 12 Patience (mobile) 13 Sagittarius… 14 Same same… 15 Manila greetings 16 git cloak –hard 17 Space Invaders 18 Egg Factory |
|
 |
Hard |
|
19 Virtual Hen 20 Artist: No Name Yet (not solved) 21 Hot Dog 22 Block Jane 23 Rapbid Learning 24 ELF |
|
 |
Hidden |
|
25 Hidden Egg #1 26 Hidden Egg #2 27 Hidden Egg #3 |
|
In the last lab we focused on Misc and Stack Cookies. In this next to last lab some characteristics when dealing with C++ are introduced.
While the last lab introduced the subject of Heap Exploitation, this lab focuses on Misc and Stack Cookies.
The lab contains three levels again ranging from C to A:
–> lab8C
–> lab8B
–> lab8A
Continue reading “RPISEC/MBE: writeup lab08 (Misc and Stack Cookies)”
After we have introduced ASLR and ways to bypass it in the last writeup, we will expand our exploits to the Heap in this lab.
In this lab there are only two levels:
–> lab7C
–> lab7A
Continue reading “RPISEC/MBE: writeup lab07 (Heap Exploitation)”
The previous lab focused on the subject of return oriented programming in order to circumvent data execution prevention. The next lab described in this writeup introduces ASLR.
The single levels of this lab range from C to A:
–> lab6C
–> lab6B
–> lab6A
Note: ASLR should be enabled by now.
