RSS
 

Hackvent 2019: Day 16

16 Dec 2019

Challenge HV19.16 B0rked Calculator

Resources: HV19.16-b0rked.zip Solution We are presented with a x86 Windows binary file. Upon inspection it looks to be a simple calculator but unfortunately its borked! It supports the following operations: + -  *  and /. However, it seems like it either ignores the left or right operand in calculations. In the…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 15

15 Dec 2019

Challenge HV19.15 Santa’s Workshop

Page snapshot:

Solution NOTE: Unfortunately, the server for this challenge was broken for a long time and caused a lot of pain and suffering. In the end it took 6 hours longer than it needed to. We land on a nice landing page with a counter which counts upwards. We…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Hidden 4

14 Dec 2019

Challenge HV19.H4 Hidden Four Solution During the Day 14 challenge HV19.14 Achtung das Flag, our final flag looks quite interesting: HV19{s@@jSfx4gPcvtiwxPCagrtQ@,y^p-za-oPQ^a-z\x20\n^&&s[(.)(..)][\2\1]g;s%4(...)%"p$1t"%ee} The hints in the __DATA__ segment point us in the right direction:

So we evaluate the string as Perl code like so:

This prints out the content of our hidden flag: Squ4ring the Circle Flag:  HV19{Squ4ring the Circle}

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 14

14 Dec 2019

Challenge HV19.14 Achtung das Flag

Solution We are provided with some Perl code so we decide to run it. We realise we need the Tk module which seems to be some GUI library for Perl. After running the code we are presented with a game which allows us to control the direction of…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 13

13 Dec 2019

Challenge HV19.13 TrieMe

Resources: Facility: http://whale.hacking-lab.com:8888/trieme/ HV19.13-NotesBean.java.zip Solution We are given a webpage with a form and the java source to the bean that serves that page. Java source:

Initially, we try a few different approached to get our flag. We try to exploit the JSF Viewstate assuming that the state is stored client side…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 12

13 Dec 2019

Challenge HV19.12 back to basic

Resources: HV19.12-BackToBasic.zip Solution We download the above zip file and find a Windows PE executable called  BackToBasic.exe. Upon opening the file we are prompted for some input but our input is always wrong. Initially, we open this file in IDA Pro and inspect it. Its a smallish executable that was originally written…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Hidden 3

13 Dec 2019

Challenge HV19.H1 Hidden Three

Solution During the Day 11 challenge HV19.11 Frolicsome Santa Jokes API, we decide to do some novice penetration testing on the server whale.hacking-lab.com. We attempt many things including a port scan with nmap with default settings:

We find some open ports:

Port 17 seems very interesting as it is an uncommon port.…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 11

11 Dec 2019

Challenge HV19.11 Frolicsome Santa Jokes API

Html file mirror: FSJA API Description Solution We have the spec for the FSJA API that the elves have made. We use Postman to play around with the API to get a feel for how it works. Following the instructions, we are able to register a new user…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 10

11 Dec 2019

Challenge HV19.10 Guess what

Resources: HV19.10-guess3.zip Solution We are provided with an ELF binary so the first thing we do is run in in a Linux virtual machine. The binary prompts us for some input and then tells us we have failed! Example with input of test:

We look at the strings in the binary…read more.

 
No Comments

Posted in Hackvent 2019

 

Hackvent 2019: Day 9

09 Dec 2019

Challenge HV19.09 Santas Quick Response 3.0 Introduction Visiting the following railway station has left lasting memories. Santas brand new gifts distribution system is heavily inspired by it. Here is your personal gift, can you extract the destination path of it? Solution We know that the QR code system is inspired by the first image so…read more.

 
No Comments

Posted in Hackvent 2019