Hackvent 2019: Day 8
Challenge HV19.08 SmileNcryptor 4.0
|
1 2 3 4 5 6 7 |
Introduction You hacked into the system of very-secure-shopping.com and you found a SQL-Dump with $$-creditcards numbers. As a good hacker you inform the company from which you got the dump. The managers tell you that they don't worry, because the data is encrypted. Dump-File: dump.zip Goal Analyze the "Encryption"-method and try to decrypt the flag. |
Dump-File: dump.zip Solution We download the zip file and extract the dump.sql file within. It contains the database schema for some credit cards as well as our flag. First we look at the flag insert statement:
|
1 |
INSERT INTO `flags` VALUES (1,'HV19{',':)SlQRUPXWVo\Vuv_n_\ajjce','}'); |
The prefix and postfix of the flag is stored explicitly in different…read more.
Hackvent 2019: Hidden 2
Challenge HV19.H2 Hidden Two
|
1 |
Again a hidden flag. |
For easy download, get it here: HV19-SantaRider.zip Solution During the Day 7 challenge HV19.07 Santa Rider, we notice there is a ZIP file available to download. This ZIP file has the typical guid file name and contains one file called 3DULK2N7DcpXFg8qGo9Z9qEQqvaEDpUCBB1v.mp4. The inner MP4 file has the same hash as…read more.
Hackvent 2019: Day 7
Challenge HV19.07 Santa Rider
|
1 |
Santa is prototyping a new gadget for his sledge. Unfortunately it still has some glitches, but look for yourself. |
Resources: For easy download, get it here: HV19-SantaRider.zip Solution We watch the provided video and notice that about half way through the LEDs light up in an interesting order. There are 8 total LEDs and multiple LEDs light up at once so we think that this may be hidden binary…read more.
Hackvent 2019: Hidden 1
Challenge HV19.H1 Hidden One
|
1 |
Sometimes, there are hidden flags. Got your first? |
|
1 2 3 4 5 |
Born: January 22 Died: April 9 Mother: Lady Anne Father: Sir Nicholas Secrets: unknown |
Solution During the Day 6 challenge HV19.06 bacon and eggs, we notice there is a lot of suspicious whitespace (space and tab) characters after each line of statistics about Francis Bacon. As the theme for this challenge was crypto, we Google search for white space cipher. One of the…read more.
Hackvent 2019: Day 6
Challenge HV19.H1 Hidden One Francis Bacon was an English philosopher and statesman who served as Attorney General and as Lord Chancellor of England. His works are credited with developing the scientific method and remained influential through the scientific revolution. Bacon has been called the father of empiricism. His works argued for the possibility of…read more.
Hackvent 2019: Day 4
Challenge HV19.04 password policy circumvention
|
1 2 3 4 5 |
Santa released a new password policy (more than 40 characters, upper, lower, digit, special). The elves can't remember such long passwords, so they found a way to continue to use their old (bad) password: merry christmas geeks |
File mirror: HV19-PPC.zip Solution We download this zip file and extract it to find a HV19-PPC.ahk file. We know that ahk files are AutoHotKey files. Upon inspecting the ahk file we find that this is in fact the case. The script seems to move the cursor around and…read more.
Hackvent 2019: Day 3
Challenge HV19.03 Hodor, Hodor, Hodor
|
1 |
$HODOR: hhodor. Hodor. Hodor!? = `hodor?!? HODOR!? hodor? Hodor oHodor. hodor? , HODOR!?! ohodor!? dhodor? hodor odhodor? d HodorHodor Hodor!? HODOR HODOR? hodor! hodor!? HODOR hodor! hodor? ! hodor?!? Hodor Hodor Hodor? Hodor HODOR rhodor? HODOR Hodor!? h4Hodor?!? Hodor?!? <span class="hljs-number">0</span>r hhodor? Hodor!? oHodor?! hodor? Hodor Hodor! HODOR Hodor hodor? <span class="hljs-number">64</span> HODOR Hodor HODOR!? hodor? Hodor!? Hodor!? . HODOR?!? hodor- hodorHoOodoOor Hodor?!? OHoOodoOorHooodorrHODOR hodor. oHODOR... Dhodor- hodor?! HooodorrHODOR HoOodoOorHooodorrHODOR RoHODOR... HODOR!?! <span class="hljs-number">1</span>hodor?! HODOR... DHODOR- HODOR!?! HooodorrHODOR Hodor- HODORHoOodoOor HODOR!?! HODOR... DHODORHoOodoOor hodor. Hodor! HoOodoOorHodor HODORHoOodoOor <span class="hljs-number">0</span>Hooodorrhodor HoOodoOorHooodorrHODOR <span class="hljs-number">0</span>=`; hodor.hod(hhodor. Hodor. Hodor!? ); |
Solution At first this looks like it may possible be a hidden code with different variations of hodor mapping to English alphabet characters. However, before we look into frequency analysis we do a Google search for hodor programming language and discover that such an esoteric language exists! We find an…read more.
HACKvent 2019: Day 2
Challenge HV19.02 Triangulation
|
1 2 3 |
Today we give away decorations for your Christmas tree. But be careful and do not break it. HV19.02-Triangulation.zip |
File mirror: a5f47ab8-f151-4741-b061-d2ab331bf641 Solution We know that a stl file is 3D model file. Thus naturally we open this file up in a 3D model viewer. On Windows we initially attempt to use 3D Builder. From the hint that says to ‘not break it’ so we really want to break it and…read more.
HACKvent 2019: Day 1
Challenge HV19.01 censored
|
1 |
I got this little image, but it looks like the best part got censored on the way. Even the tiny preview icon looks clearer than this! Maybe they missed something that would let you restore the original content? |
Solution The hint indicates that we should have a clearer smaller image available to us. At first we attempt to shrink the image, resharpen and enlarge but there is too much degradation for that to work. We also open the image in GIMP and mess with levels/contrast with no luck.…read more.
