 

Hackvent 2019: Day 13

13 Dec 2019

  Challenge HV19.13 TrieMe

Resources: Facility: http://whale.hacking-lab.com:8888/trieme/ HV19.13-NotesBean.java.zip Solution We are given a webpage with a form and the Java source to the bean that serves that page. Java source:

Initially, we try a few different approaches to get our flag. We try to exploit the JSF Viewstate assuming that the state is stored client…read more.

 

Posted in Hackvent 2019

 

Hackvent 2019: Day 12

13 Dec 2019

  Challenge HV19.12 back to basic

Resources: HV19.12-BackToBasic.zip Solution We download the above zip file and find a Windows PE executable called BackToBasic.exe. Upon opening the file we are prompted for some input but our input is always wrong. Initially, we open this file in IDA Pro and inspect it. It's a smallish executable that was originally…read more.

 

Posted in Hackvent 2019

 

Hackvent 2019: Hidden 3

13 Dec 2019

  Challenge HV19.H1 Hidden Three

Solution During the Day 11 challenge HV19.11 Frolicsome Santa Jokes API, we decide to do some novice penetration testing on the server whale.hacking-lab.com. We attempt many things including a port scan with nmap with default settings:

We find some open ports:

Port 17 seems very interesting as it is an uncommon…read more.

 

Posted in Hackvent 2019

 

Hackvent 2019: Day 11

11 Dec 2019

  Challenge HV19.11 Frolicsome Santa Jokes API

  Html file mirror: FSJA API Description Solution We have the spec for the FSJA API that the elves have made. We use Postman to play around with the API to get a feel for how it works. Following the instructions, we are able to register a…read more.

 

Posted in Hackvent 2019

 

Hackvent 2019: Day 10

11 Dec 2019

  Challenge HV19.10 Guess what

Resources: HV19.10-guess3.zip Solution We are provided with an ELF binary so the first thing we do is run it in a Linux virtual machine. The binary prompts us for some input and then tells us we have failed! Example with input of test:

We look at the strings in the…read more.

 

Posted in Hackvent 2019

 

Hackvent 2019: Day 9

09 Dec 2019

  Challenge HV19.09 Santas Quick Response 3.0 Introduction Visiting the following railway station has left lasting memories. Santas brand new gifts distribution system is heavily inspired by it. Here is your personal gift, can you extract the destination path of it? Solution We know that the QR code system is inspired by the first image…read more.

 

Posted in Hackvent 2019

 

Hackvent 2019: Day 8

08 Dec 2019

  Challenge HV19.08 SmileNcryptor 4.0

  Dump-File: dump.zip Solution We download the zip file and extract the dump.sql file within. It contains the database schema for some credit cards as well as our flag. First we look at the flag insert statement:

The prefix and postfix of the flag is stored explicitly in different…read more.

 

Posted in Hackvent 2019

 

Hackvent 2019: Hidden 2

08 Dec 2019

  Challenge HV19.H2 Hidden Two

For easy download, get it here: HV19-SantaRider.zip Solution During the Day 7 challenge HV19.07 Santa Rider, we notice there is a ZIP file available to download. This ZIP file has the typical guid file name and contains one file called 3DULK2N7DcpXFg8qGo9Z9qEQqvaEDpUCBB1v.mp4. The inner MP4 file has the same hash as…read more.

 

Posted in Hackvent 2019

 

Hackvent 2019: Day 7

08 Dec 2019

  Challenge HV19.07 Santa Rider

Resources: For easy download, get it here: HV19-SantaRider.zip Solution We watch the provided video and notice that about halfway through the LEDs light up in an interesting order. There are 8 total LEDs and multiple LEDs light up at once so we think that this may be hidden binary…read more.

 

Posted in Hackvent 2019

 

Hackvent 2019: Hidden 1

06 Dec 2019

  Challenge HV19.H1 Hidden One

Solution During the Day 6 challenge HV19.06 bacon and eggs, we notice there are a lot of suspicious whitespace (space and tab) characters after each line of statistics about Francis Bacon. As the theme for this challenge was crypto, we Google search for white space cipher. One of the…read more.

 

Posted in Hackvent 2019