Exciting news! Our chief scientists found a way to do frequency analysis on binary files. Surprinsingly it isn’t just changing the file ending to .mp3 and putting it into Audacity. Have a try for yourself below! Note: The binary /catflag prints the flag Category: misc Solver: linaScience, MarDN, t0b1 Flag: GPNCTF{L00ks_l1k3_y0u_h1t_th3_r1ght_tun3} Writeup In this challenge we have no source code :( and are only presented with the following simple website:...
I got a bit too excited when I started my newest knitting project and accidentally turned my challenge flag into a knitting pattern. Category: misc Solver: MarDN, linaScience Flag: GPNCTF{Congr4tulati0ns-Y0u-h4v3-Fr0gged-H0urs-Of-My-W0rk-for-Th1s-Fl4g!} Writeup This challenge consists of a description of a knitting project, indicating a pattern of knit and purl stitches. There is also a note that the piece is knitted flat and that odd rows show the right side of the project....
https://www.letras.com/rick-astley/2341/ Category: misc Solver: MarDN, linaScience Flag: GPNCTF{We're no strangers to loveYou know the rules and so do IA full commitment's what I'm thinking ofYou wouldn't get this from any other guyI just wanna tell you how I'm feelingGotta make you understandNever gonna give you upNever gonna let you downNever gonna turn around and desert youNever gonna make you cryNever gonna say goodbyeNever gonna tell a lie and hurt youWe've known each other for so longYour heart's been achingBut you're too shy to say itInside we both know what's been going onWe know the game and we're gonna play itAnd if you ask me how I'm feelingDon't tell me you're too blind to seeNever gonna give you upNever gonna let you downNever gonna turn around and desert youNever gonna make you cryNever gonna say goodbyeNever gonna tell a lie and hurt youNever gonna give you upNever gonna let you downNever gonna turn around and desert youNever gonna make you cryNever gonna say goodbyeNever gonna tell a lie and hurt youOoh (give you up)Ooh (give you up)Never gonna give, never gonna give (ooh, give you up)Never gonna give, never gonna give (ooh, give you up)We've known each other for so longYour heart's been achingBut you're too shy to say itInside we both know what's been going onWe know the game and we're gonna play itI just wanna tell you how I'm feelingGotta make you understandNever gonna give you upNever gonna let you downNever gonna turn around and desert youNever gonna make you cryNever gonna say goodbyeNever gonna tell a lie and hurt youNever gonna give you upNever gonna let you downNever gonna turn around and desert youNever gonna make you cryNever gonna say goodbyeNever gonna tell a lie and hurt youNever gonna give you upNever gonna let you downNever gonna turn around and desert youNever gonna make you cryNever gonna say goodbyeNever gonna tell a lie and hurt you}...
I swear this isn’t crypto. Pinky promise. And you don’t have to bruteforce anything. Category: misc Solver: linaScience, MarDN, t0b1, Liekedaeler Flag: GPNCTF{TH3_S_1N_S3TU1D_5T4ND5_F0R_S3CUR1TY} Writeup Guessing the date On the server, we have the following files: ctf@sweet-dreams-are-made-of-this--micar-7714:/app$ ls -liash ls -liash total 32K 100824878 0 drwxr-xr-x 1 root root 45 May 29 01:31 . 101555908 0 dr-xr-xr-x 1 root root 28 Jun 8 14:26 .. 100824879 20K -rwsr-xr-x 1 root root 17K May 29 01:31 cli 68506109 4....
We want this CTF to be perfect! As we hope you all know this requires us, as good software engineers, to design a specification we can devolop challenges against. So we started meticulously crafting documents for our scope statements and product requirements. Somehow this got a little out of hand (we really don’t know how. We set a timeline and used a strict waterfall model. Theoretically this should have worked out perfectly…) so we need your help to finish the requirements document before it’s to late… Specifically I have a problem with the The root of all evil challenge....
I wanted to build an intro rev challenge but it didn’t work as intended when I deployed it to my Rocky 9 server. Maybe you can work around the issue and leak the flag in /flag Category: misc Solver: rgw, aes Flag: GPNCTF{D1d_y0u_st4rt_4_vm_0r_4_b4r3_m3t4l_r0cky_k3rn3l?} Writeup The setup is similar to “A full solve is what I’m thinking of”. However, there is no /catflag binary. Therefore, we don’t have a binary that we can use as the interpreter for an uploaded ELF binary....
It would be a shame if you could exploit this sleepy binary. Category: pwn, misc Solver: rgw, abc013, Liekedaeler, MarDN Flag: GPNCTF{sh0rt_she11c0de_1s_c00l} Writeup We are given a compiled binary dream and its source code dream.c: #include <stdlib.h> #include <unistd.h> #include <stdio.h> #include <sys/mman.h> #include <string.h> #define ROTL(X, N) (((X) << (N)) | ((X) >> (8 * sizeof(X) - (N)))) #define ROTR(X, N) (((X) >> (N)) | ((X) << (8 * sizeof(X) - (N)))) unsigned long STATE; unsigned long CURRENT; char custom_random(){ STATE = ROTL(STATE,30) ^ ROTR(STATE,12) ^ ROTL(STATE,42) ^ ROTL(STATE,4) ^ ROTR(STATE,5); return STATE % 256; } void* experience(long origin){ char* ccol= mmap (0,1024, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); size_t k = 0; while(k<106){ *(ccol+k) = 0x90; //nop just in case; k++; } k=16; *((int*)ccol) = origin; while(k<100){ *(ccol+k)=custom_random(); k++; } return ccol; } void sleepy(void * dream){ int (*d)(void) = (void*)dream; d(); } void win(){ execv("/bin/sh",NULL); } void setup(){ setvbuf(stdin, NULL, _IONBF, 0); setvbuf(stdout, NULL, _IONBF, 0); setvbuf(stderr, NULL, _IONBF, 0); } int main(){ setup(); long seed=0; printf("the win is yours at %p\n", win); scanf("%ld",&seed); STATE = seed; printf("what are you thinking about?...
Lost in Parity I deleted the flag. python3 xor.py ./f* > xor rm xor.py flag.txt Author: @miko Category: misc Solver: frcroth, mp455 Flag: ENO{R41D1NG_F1L3S_4R3_W3?} The challenge gives us a bunch of files - 255 files and the xor-file. A quick random sample of wc -c suggests that all files including the xor-file have the same size: 26 bytes. The challenge description hints that the xor-file might be the result of applying the xor-operation to the 255 files and the flag....
Itchy Route Get straight to the point and list your options! Category: misc Solver: frcroth, mp455 Flag: ENO{4NY_M0R3_QU35T10N5M4RK5_0C?N?} When connecting to this challenge, nothing greets us and if we are polite and ask “hello”, it responds with: Request contained some illegal characters: “hello” Also, when we take too long, we get different errors, e.g.: Request timeout: firewall getting suspicious. This already tells us that we probably need to use a script to interact here, since we won’t be able to type quickly enough....
missingcat Where is my cat? 😿 Category: misc Solver: frcroth, mp455 Flag: ENO{0xCAT_BUT_H4PP1_THANK_Y0U!} We were given the following script: import subprocess cmd = input("Give me your command: ") if len(cmd) > 2: print("Command is too long!") try: cmdstring = [cmd, "flag.txt"] print(f"Executed command: {cmdstring}") result = subprocess.check_output(cmdstring, timeout=1) except: result = b"No 😿" print(result.decode()) So we need to find a command that gives us the flag and whose name is only 2 letters long....
Timecode Times change you, and numbers. Category: misc Solver: frcroth, mp455 Flag: ENO{S0M3_J4V4_1NT3G3R5_4R3_C4CH3D} When we connect to the host, we get a challenge: Registered as user b6ee888b-6f24-4049-b0e2-ee227233973f New Challenge (2024-03-20T19:57:49.535Z) 69 51 97 43 01 65 After trying out some values, sending the same numbers gives a cryptic response: 69 51 97 43 01 65 ‘85’ is not equal to ‘69’ ‘66’ is not equal to ‘51’ ‘79’ is not equal to ‘97’ ‘86’ is not equal to ‘43’ ‘127’ is not equal to ‘01’ ‘95’ is not equal to ‘65’ Challenge failed....
his insane scientist wants to craft the most powerful android in the world! Help him collect many 🔩 to achieve his goal. Also, he needs many 💎 to make it even more strong and pwoerful than any other android. Good luck adventurer! Category: misc Solver: 3mb0, nh1729 Flag: HTB{w1th_4ll_th353_b0lt5_4nd_g3m5_1ll_cr4ft_th3_b35t_t00ls} Writeup When connecting to the port and ip with netcat, we get a menu: 1. Instructions 2. Play > If we enter 1, we get the rules of the game:...
On a path to avenging his father, Tex Chance manufactured steam-powered robots to capture all the animals of your island to build a powerful army of fused mutated organisms using his powerful Sigma technology. You can’t let them take away your loyal doggo Julius. The robots have been trained to classify all the objects they encounter using the SigmaNet network. Can you use your laser pointer to change some of the robot’s vision pixels forcing it to misclassify your dog’s image as a non-animal object?...
As you approach SafetyCorp’s headquarters, you come across an enormous cogwork tree, and as you watch, a mechanical snake slithers out of a valve, inspecting you carefully. Can you build a disguise, and slip past it? Category: misc Solver: 3mb0, lmarschk Flag: HTB{45ts_4r3_pr3tty_c00l!} Writeup For this challenge, we can download the python code (python 3.10 to be able to use the new match-case statement) for a server that offers python remote code execution via eval....
Time for an emoji-test! No need to worry.. You have 500 seconds to answer 100 questions. Five seconds for each question is more than enough! You need to score 100/100 in order to win an amazing prize! Good luck! Category: misc Solver: lmarschk Flag: HTB{3m0j1s_R_fUn_4nd_m4k3_m3_c0d3_f4st} Writeup Starting with a telnet connection to the server, we are given a set of questions: Trying 139.59.202.58... Connected to docker.hackthebox.eu. Escape character is '^]'....
If you are not strong enough to beat the boss, you need to find another way to win the game! Category: Misc Solver: t0b1 Writeup In this challenge we get a binary. As the description says, we need to find another way to win the game!. Running the binary shows that its a little game. At first we can choose between two game modes. Obviously the Izi! mode is not available ;)....
We added a new AI to our server (discord.gg/hackthebox) called “HTB × Uni AI”, in order to help our members with data analysis. However, the bot has now gone rogue and is trying to deactivate the server itself, as it perceives it as a threat. We can’t get in contact with the server administrator and the bot has disabled interactions with it, can you help us deactivate the AI bot and save the server by using the !...
Is everything in life completely random? Are we unable to change our fate? Or maybe we can change the future and even manipulate randomness?! Is luck even a thing? Try your “luck”! Category: Misc Solvers: t0b1, lmarschk Writeup In this challenge we get a binary and can spawn a docker container. Downloading and running the binary yields the following output. 💎 Cosy Casino 💎 Current cosy coins: 69.69 1. Generate lucky number....