Luckily, we can just ignore that HTTP code. The gist of the challenge was that we were provided with a simple Word Document with the extension of docm. gitbook. “HTB: Cyber Apocalypse 2024 — Delulu” is published by Szigecsán Dávid in InfoSec Write-ups. Writeup for Character featured in Cyber Apocalypse 2024. The challenge is worth 300 points and falls under the category Misc. Points: 325. All tasks and writeups are copyrighted by their respective authors. exe file from the same URL. It contains detailed write-ups for Maze, BunnyPass and Rids challenges. Last update:March 19, 2024. 2 PM UTC. txt. Think you can escape my grasp? Challenge accepted! I dare you to try and break free, but beware, it won't be easy. HTB Cyber Apocalypse Previous HTB Cyber Apocalypse Next Flag Command. BlitzProp. And they'll happily give us poor humans the source because they're so confident it's secure! Stars: 1/5. Mar 20, 2024 · This writeup covers the TimeKORP Web challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having a ‘very easy’ difficulty. Cyber Apocalypse 2024: Hacker Royale Write-up. Yet, just as confusion takes hold, your gaze locks onto cryptic markings adorning the nearby wall. Primary Knowledge. Security through Induced Boredom is a personal favourite approach of mine. Read all stories published by InfoSec Write-ups on June 13, 2024. --. Apr 12, 2024 · Cyber Apocalypse 2024: Hacker Royale. Flag: HTB {t1m3_f0r_th3_ult1m4t3_pwn4g3} Original writeup (https://cybersecmaverick. Subscribe to Original writeup (https://github. 00. It's a trap, set in a world where nothing comes without a cost. Mar 14, 2024 · The flag is in three parts as the description says. HTB Cyber Apocalypse 2023 writeups This repo includes my solutions to the challenges I have solved during the contest . We are given a file capture. Phase Stream 3. The challenge was a tutorial about integer overflows. Original writeup (https://medium. This week, my team and I played HackTheBox’s fourth iteration of their Cyber Apocalypse event; this one being named Cyber Apocalypse 2024 - Hacker Royale. Follow @CTFtime © 2012 — 2024 CTFtime team. HTB Cyber Apocalypse CTF2024 - Writeups by C0d3 Bre4k3rs using System ; class CyberApocalypseCTF2024 { static public void Main ( String [ ] args ) { Console . If we send single quotes in username/password box it triggers a MySQL error! Tried SQLMap but it fails due to 401: Unauthorized. This vulnerable part of the code will allow us to replace the TEXT on the template file index. io/ctf-writeups/htb-cyber-apocalypse-2023/2023-htb-cyber-apocalypse-challenges/web-spybug). req --batch --ignore-code 401. Unzipping the download reveals a list of 143 Windows event log files (with the . Solidity 21. Mar 20, 2024 · This article shares my walkthroughs of HackTheBox's HTB Cyber Apocalypse CTF 2024 Reverse Engineering challenges. 1:50002 satoshi@83. You need to reverse engineer the device in order to make contact with the mutant and claim your last chance to make it out alive. Jun 13, 2024 · Barış Ekin Yıldırım. The challenge involved implementing a ‘decryption’ function for a provided Python ‘encryption’ function. Notifications Fork 0; Star 0. The Cyber Guy. Crypto; Forensics; Hardware; Misc; Pwn; Reversing; Web; Team; Results Mar 24, 2024 · This writeup covers the Dynastic Crypto challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having a ‘very easy’ difficulty. We placed 625th out of 5693 teams (~11000 players!), being in the top 11%, and here’s a compilation of the challenges that I’ve solved. 0%. Writeup for KORP Terminal (Web) - HackTheBox Cyber Apocalypse CTF (2024) 💜 Welcome to the Cyber-Apocalypse-2024-Writeups repository! This repository contains writeups for various cryptography challenges from the HTB Cyber Apocalypse 2024 competition. Writeup for Unbreakable featured in Cyber Apocalypse 2024. 9%. Cyber Apocalypse 2023 started on the 18th of March and lasted until the Actually, I did download the code and check it very quickly towards the beginning, e. Initialise Connection. CTF writeups, Flash-ing Logs. Mar 14, 2024 · This is a writeup for forensics and hardware challenges from HTB Cyber Apocalypse CTF 2024 Hacker Royale. Original writeup (https://cybersecmaverick. If we start the game, we can select one of 4 options. If I did, I would of discovered the Main. 🚩 Arne's CTF Writeups! 2024. Super fun challenges, thank you organizers! This post covers a handful of web challenges: BlitzProp, Wild Goose Hunt, E. Mar 17, 2024 · This is a writeup for forensics for HTB 2024. Jul 13, 2021 · Tune in and watch talented hackers from the HTB staff plus some extraordinary special guests solving challenges live while sharing tips and tricks for the upcoming CTF. We load the webpage and find a terminal, enter a random string. Pre-Event talks agenda. May 19, 2022 · HTB 2022 Cyber Apocalypse CTF - Forensics category writeups Thu, May 19, 2022 Forensics 1: Puppeteer The challenge has a download, and the description ends with the following line: Help her analyse the Council’s HQ event logs and solve this mystery. com/@cybersecmaverick/htb-cyber-apocalypse-ctf-2024-misc-9d3d512900b4#80bd). 2023. Catch the live stream on our YouTube channel . com/@wrth/solving-htb-cyber-apocalypse-hardware-challenges-without-any-prior-knowledge-of-hardware-2633187210f5). Printing out its contents we notice base64 encoding . Last updated 2 days ago. com/@cybersecmaverick/htb-cyber-apocalypse-ctf-2024-misc-9d3d512900b4#72f7). ## Exploitation phase. In this post I’m going to explain the challenges I solved during the HTB Cyber Apocalypse CTF. I didn't study the source code though. Misc - MultiDigilingual. Mar 14, 2024 · Solution. html, which can be used to perform SSTI injection on Java Velocity. Sending keys to the Talents, so sly and so slick, A network packet capture must reveal the trick. Jun 13, 2024 · Difficulty: Very Easy. LootStash challenge description. What is the IP Address and Port of the SSH Server (IP:PORT) Looking inside the sshd. 'hi' command not found. 107. The ptypes. Attached file. For a list of commands, type 'help'. 130 port 2221 rdomain "". 00:00 Intro00:30 web/flag-command01:08 web/korp-terminal03:36 web/timeKORP05:42 web/labryinth-linguist06:29 web/testimonial15:00 web/locktalk18:47 web/serial The user input is directly passed to the ``printf ()`` function without a corresponding format specifier, which poses a security risk. Format: Jeopardy. 2023 - 2024 Mar 23, 2024 · This writeup covers the Unbreakable Misc challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having an ‘easy’ difficulty. from secret import FLAG from random import randint def to_identity_map(a): return ord(a) - 0x41 def from_identity_map(a): return chr(a % 26 + 0x41) def encrypt(m): c = '' for i in range(len(m)): ch = m[i] if not ch. 36. Although it sure has been a while since I participated in a CTF and the competition took place in business days, I managed to solve some of the challenges, most on the easier side. You stumble into a clearing, finding a small, cozy-looking tavern with "The Sloshed Squirrel" swinging on the signpost. . Rating weight: 25. com/evyatar9/Writeups/tree/master/CTFs/2023-Cyber_Apocalypse_HTB/Pwn-Labyrinth). Cyber Champions CTF Writeups for All Forensics Challenges from R£v!l Team The application uses Protocol Buffers for defining messages and gRPC for communication. Despite not clearing the insane difficulty challenge, I was still happy that I managed to solve almost all of the forensics challenges. Welcome to my writeup! Here you'll find detailed explanations of various challenges I've solved in Cyber Apocalypse CTF 2024 of HackTheBox. eml file. Solution. We are given a string encrypted with a classical cipher. Mar 24, 2023 · Description: Threat intelligence has found that the aliens operate through a command and control server hosted on their infrastructure. Reviewing HTTP objects list we see: The file nBISC4YJKs7j4I is an xml containing, which seems to be a Cyber Apocalypse 2024: Hacker Royale | HTB CTFHTB - Capture The Flag. Sat, 09 March 2024, 13:00 UTC — Wed, 13 March 2024, 12:59 UTC. A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Game Invitation was a hard forensics challenge that was pretty easy to solve and me and my team AirOverflow solved fairly quickly. evtx extension). Crypto. txt/flag$ (cat/dev/urandom|tr-cd "a-f0-9" |head-c10). The challenge prompt is: A tribute page for the legendary alien band called BlitzProp! Original writeup (https://cybersecmaverick. com/@cybersecmaverick/htb-cyber-apocalypse-ctf-2024-reversing-d9eb85c59ca9#32f1). Writeups for some Apocalypse CTF. The challenge is worth 300 points and falls under the category Forensics. I'm ready for whatever tricks you have up your sleeve! Contribute to zer00d4y/writeups development by creating an account on GitHub. blog/2023/htb-cyber-apocalypse-ctf-2024-web-writeups/ This blog post contains the writeups for the web challenges that i solved from HTB Cyber Apocalypse 2024. To trigger the execution of the ``delulu ()`` function, we must modify the value Writeup. Legends speak of its magic powers, but cautionary tales warn of the dangers of misuse. NahamConCTF Cyber Apocalypse 2021 was a great CTF hosted by HTB. Python 100. OK, let's do it. My team, called “ISwearIGoogledIt”, obtained the 139 place solving the half of the total challenges. UIU. However, since there is no win function in the binary, we will need to leak the libc address and use a ret-to-libc attack. Last week, I participated in Hack The Box Cyber Apocalypse CTF 2023 as a member of team BKISC and we finished top 29 among 6000+ teams. Mar 24. 95 port 47721 on 100 . HTB cyber apocalypse Blockchain: Navigating the Unknown Blockchain: Shooting 101 Apr 24, 2021 · CTF Cyber Apocalypse Writeups. 1%. sqlmap -r new. 89. [INFO] POST parameter 'username' is 'MySQL >= 5. 17th March, 2023. A collection of solution to some of the challenges in this ctf License. 1 Web challenges Lock Talk (medium) Labyrinth Linguist (easy) Testimonial (easy) KORP Terminal (very easy) TimeKORP (very easy) Flag Command (very easy) 2 Forensics challenges Data Siege (medium) Mar 22, 2024 · The HTB Cyber Apocalypse 2024 Misc challenges presented a mix of difficulty levels, from easy to hard, each requiring a different approach and problem-solving strategy. An Overview of CWEE. Contents. Dynastic. Previous3 spiesNextBlockchain. com/htb-cyber-apocalypse-ctf-2024-hardware-a45ddedae49b#725c). For the Mavericks, here’s a command-line trick to do the same thing: Note: you may not have html2text installed by default and you may need to install it using: sudo apt update && sudo apt install html2text first. Phreaky. Learn from my CTF walkthroughs of forensics challenges, and enhance your CTF skills. Unbreakable challenge description. The client communicates with the gRPC server to submit testimonials. HTB CTF Cyber Apocalypse. 72. The challenge involved the identification and exploitation of a printf format string vulnerability within an ELF x86-64 binary. Rating: # Phreaky > In the shadowed realm where the Phreaks hold sway, A mole lurks within, leading them astray. CryptoCat's CTF writeups. Space Heroes CTF. Now, even though I'm not that well-versed with Forensics but I know that docm is the extension It is known that voxalith was also spoken by the guardians of the maze that were once benign but then were turned against humans by a corrupting agent KORP devised. Powered by GitBook This means that if we select option 2, we will have a chance to perform a buffer overflow. 2 Key techniques. 1 Introduction. java file imports velocity and inserts Jan 9, 2022 · HTB Cyber Apocalypse CTF 2024 — Web. by sealldeveloper / thehackerscrew. 3. Difficulty: medium. Tree, and The Galactic Times. Kodar. WriteLine ( " To be added " ) ; } } May 24, 2024 · May 24, 2024. $ ssh -p 57644 -L 50002:127. The on section is the server. This writeup covers the Delulu Pwn challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having a ‘very easy’ difficulty. Through data and bytes, the sleuth seeks the sign, Decrypting messages, crossing Mar 12, 2024 · This is the RCE payload that exploit Apache ActiveMQ vulnerability (CVE-2023-46604). HTB Cyber Apocalypse. Mar 17, 2024 · Mar 17, 2024. 4 Obtaining the flag. Build the strongest faction KORP™ has created distinct trials for all factions to overcome! Mar 23, 2023 · There were 12440 people making up approximately 4000 teams battling it out for prizes including a $13,900 first place purse. This writeup covers the LootStash Reversing challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having a ‘very easy’ difficulty. The server serves static files using the Chi router and implements a gRPC server. Event Overview; Table Of Contents; Writeups. 8 min read. This event's future weight is subject of public voting! Future weight: 36. ianeyinda / htb-cyber-apocalypse-2024-writeups Public. isalpha(): ech = ch else: chi = to_identity_map(ch) ech = from_identity_map(chi + i) c += ech return c with open Mar 19, 2024 · Flag Command Writeup - Cyber Apocalypse 2024. Mar 14, 2024 · Video walkthrough for the first 7 web challenges from @HackTheBox Cyber Apocalypse CTF 2024 (Hacker Royal); Flag Command, TimeKORP, KORP Terminal, Labyrinth Linguist, Locktalk, SerialFlow and Testimonial. That specific line of code should have been written as follows: ```c printf ("%s", (char *)&local_38); ```. To access the attacker wallet, I used the credentials provided in the challenge description to set up a remote port forward for port 50002 from my workstation to the attacker's server with one of the other provided IP and ports. 0 AND error-based - WHERE, HAVING, ORDER BY Mar 22, 2024 · This writeup covers the Tutorial Pwn challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having a ‘very easy’ difficulty. Mar 29, 2023 · By Minh Le Hong. . Using CyberChef we are able to decode the encoded string and its magic operation can detect the encoding also. Official writeups for Cyber Apocalypse CTF 2024: Hacker Royale - cxzero/htb-cyber-apocalypse-2024 HTB Cyber Apocalypse 2024 Writeups. mv/flag. Mar 18, 2023 · Colletions of CTF writeups and other security tips. Contribute to 0x21AD/HTB-Cyber-Apocalypse-2023-Writeups development by creating an account on GitHub. As you approach a password-protected door, a sense of uncertainty envelops you — no clues, no hints. 103. 8 March 2024 | 3:00PM UTC. Pwn. >> help start Start the game clear Clear the game screen audio Toggle audio on/off restart Restart the game info Show info about the game. Writeup for FakeBoost featured in Cyber Apocalypse 2024. Description. Reload to refresh your session. Phyo WaThone Win. vymvn included in CTF Writeups 2023-03-24 975 words 5 minutes . 3 Mapping the application. The challenge involved bypassing a Python eval function blocklist. CTF writeups, The PROM. As they decode the email, cyber sleuths race to trace its source, under a tight deadline. You stumble upon a mysterious and ancient tome, said to hold the secret to vanquishing your enemies. satoshi@83. 250. A Hack The Box CTF event. g. From this payload, threat actor continue downloading aQ4caZ. Python 78. com/htb-cyber-apocalypse-ctf-2024-web-50b31126de50#e08c). Tags:htb, ctf, cyber apocalypse. Decoder. pcap. You switched accounts on another tab or window. Original writeup (https://s1n1st3r. In the shadow of The Fray, a new test called ""Fake Boost"" whispers promises of free Discord Nitro perks. Because their server uses HTTP, Pandora captured the network traffic to steal the server’s administrator credentials. Here are my writeups for two forensics and one crypto challenges that i solved. Huge shoutout to my teammate @ayam for being helpful in giving nudges for the hard difficulty challenges since he cleared them already, I wish we can meet Locked within a cabin crafted entirely from ice, you're enveloped in a chilling silence. You signed out in another tab or window. Pursue The Tracks challenge description. proto file defines the message and service contracts. Languages. com/htb-cyber-apocalypse-ctf-2024-forensics-16f4c9af5c47#4a81). 1. This was a fun CTF organized by Hack The Box out team placed 59th among thousands of teams !! Here are writeups of some medium level challenges which I managed to solve. You have 4 options! Venturing forth with the grace of a three-legged cat, you head North. Cyber Apocalypse 2024: Hacker Royale. All of them are considered “Web” category. medium. Recently I took part with my company to the HTB Business CTF 2024. Wani Akasec. Mar 19, 2024 · Explore my shared and detailed Forensics write-ups from the HTB Cyber Apocalypse CTF 2024. Dynastic challenge description. 8. Mar 21, 2024 · This article shares my walkthroughs of Hardware challenges from HackTheBox's HTB Cyber Apocalypse CTF 2024 competition. Alejandro Nadal. Greeted by a login page. Description: The aliens have learned the stupidity of their misunderstanding of Kerckhoffs's principle. In the midst of Cybercity’s “Fray,” a phishing attack targets its factions, sparking chaos. Pandora managed to penetrate their defenses and have access to their internal network. Apr 24, 2021 7 min read CTF, HTB, EN. We’ve known this is a C# dotnet executable so let’s move on to dnSpy for further analysis. com/htb-cyber-apocalypse-ctf-2024-hardware-a45ddedae49b#72e1). I was busy with my assignment at school so i could only join in the last 2 days. 2 Mapping the application via client side source code review. Ahmed Ghanem. The challenges involved API testing, command injection, SQL injection (SQLi), server-side template injection …. #HTB Business CTF 2024. Mar 14, 2024 · Forensics [Very Easy] Urgent. Last updated 3 months ago. Lightfoe — Forensic very easy to hard. Writeups for all pwn challenges from HTB Cyber Apocalypse 2023 - Mymaqn/HTBCA2023_Pwn_Writeups Jan 28, 2024 · Question 1. Turns out, your sense of direction is as bad as your cooking - somehow, it actually works out this time. Urgent [Very Easy] We are given an email file . Now, even though I'm not that well-versed with Forensics but I know that docm is the extension Apr 2, 2024 · Below are writeups of the 35 challenges I managed to complete during the Hack The Box Cyber Apocalypse 2024: Hacker Royale CTF (Capture the Flag). txt that will be in the root directory. The writeups are detailed enough to give you an insight into using various binary analysis tools. Not as exciting as something like The Fray, but I love making it as tedious as possible to see my secrets, so you can only get one character at a {"payload":{"allShortcutsEnabled":false,"fileTree":{"":{"items":[{"name":"blockchain","path":"blockchain","contentType":"directory"},{"name":"crypto","path":"crypto Consequently, when strcmp() is called, it not only reads our input but also the next variables in the stack until reaching a null byte, and compares it with the password. Your eyes land upon an old notebook, its pages adorned with thousands of cryptic mathematical symbols. it's nice to know there's a flag. Now they're going to use a well-known stream cipher (AES in CTR mode) with a strong key. The challenge was a white box web application assessment, as the application source code was downloadable, including build scripts for building and deploying the application locally as a Docker container. Mar 22, 2024 · This writeup covers the Stop Drop and Roll Misc challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having a ‘very easy’ difficulty. Tasked with deciphering these enigmatic glyphs to secure your escape, you set to work, your fingers tracing each intricate curve and line with determination. Mar 29, 2024 · The %20 is the URL encoding for a space character. The description of the challenge is shown below. Similar to the Character challenge, the challenge involved automation to interface with a TCP service but was slightly more complex. Tags: Pwn. Mar 17, 2024 · This writeup covers the Labyrinth Linguist Web challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having an ‘easy’ difficulty. These writeups aim to provide insights into the thought process, techniques, and tools used to solve each challenge. You signed in with another tab or window. As factions clash and alliances shift, the Mar 24, 2023 · HTB Cyber Apocalypse 2023 Writeups. HackTheBox Cyber Apocalypse 2024: Hacker Royale. Host: But first, for those unfamiliar, what exactly is CTF HTB Cyber Apocalypse? It's a high-stakes cybersecurity competition where participants face a serie This is a WIP of writeups for the HackTheBox Cyber Apocalypse 2024, for now there is only writeups for the following: Hardware - BunnyPass; Hardware - Maze; Misc - Character -> refer to Misc - Character (Scripts) for the bash and python files to solve the question This writeup covers the Pursue The Tracks Forensics challenge from the Hack The Box Cyber Apocalypse 2024 CTF, which was rated as having an ‘easy’ difficulty. Below you can find the writeups for all of them. Pwn - Sound of Silence. 2024. Jul 13, 2021 · Meet the HTB team one day before the CTF in an exclusive live stream! Tune in and watch talented HTB hackers plus some extraordinary special guests. Additionally, the read() function has a one-byte buffer overflow bug because local_1e is 6 bytes long, but the read() function receives 7 bytes. log, line 3 says the following: [2024-01-28 15:24:23] Connection from 100 . com/@wrth/solving-htb-cyber-apocalypse-hardware-challenges-without-any-prior-knowledge-of-hardware Mar 14, 2024 · Solution. CTF writeups, Russian Roulette. Write-ups for HackTheBox Cyber Apocalypse CTF 2023 - mugiblue/htb-cyberapocalypse-2023. The challenge involved the forensic analysis of an NTFS MFT (Master File Table) file. The challenge involved searching for plaintext strings in an x86-64 binary. In the end I have managed to solve a total of 49/74 challenges, as an individual contestant which was enough to achieve rank 102/6483. 136. 103 's password: <L4mb0Pr0j3ct>. 0. 1 Mapping the application interactively. Pyt3cH04. Hi Folks! Welcome to another post of my write-up series covering Cyber Apocalypse 2024: Hacker Royal, the annual Capture The Flag (CTF Writeup for TimeKORP (Web) - HackTheBox Cyber Apocalypse CTF (2024) 💜 Mar 14, 2024 · FLAG: HTB{w34kly_t35t3d_t3mplate5} Labyrinth Linguist. Hacking workshops agenda. Here is the output of DIE: Malicious Executable. my uo cl oz tj td cx um nw vo