Greetings :) This writeup is going to be about The Art Of Deception challenge from HackTheBox Cyber Apocalypse CTF - 2023. This is a beginner friendly blockchain challenge. We were gieven a RPC connection info, Private Key of a wallet, and Address of that wallet with 5 ETH for gas fees. RPC is used for connecting, interacting and querying of the blockchain data. We were also given deployed addresses for two smart contracts Setup.

Greetings everyone! This writeup is going to be about “SolveMe” challenge from Down Under CTF - 2022. This is a pretty basic blockchain challenge. A very basic smart contract was deployed. The goal of the challenge was to call the solveChallenge() function from the deployed smart contract. We were given a smart contract file SolveMe.sol: // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; /** * @title SolveMe * @author BlueAlder duc.tf */ contract SolveMe { bool public isSolved = false; function solveChallenge() external { isSolved = true; } } Here, the code is very easy to understand.

Greetings Everyone! This writeup is going to be about KeyGenme challenge from TyphoonCon CTF 2022. I will be using radare2 to do basic reverse engineering and get idea of the program behavior. Then, I will solve this challenge by doing scripting with r2pipe. Simply running the binary with ./ctf-challenge asks for the input and trying supersecurepassword as input throws output stating that it’s not correct, and we should try again. But, we won’t try again entering password here.

Greetings everyone! This was the first forensics challenge from HackTheBox Cyber Apocalypse CTF 2022. Here, we were given multiple .evtx files which were bascially the log files created by windows Event Viewer. Then, As I was looking for ways to view the event logs, I found that chainsaw is pretty amazing tool to hunt through those event logs. chainsaw detected two powershell scripts that looked malicious. So, I extracted those scripts by converting the output from chainsaw onto json, and using jq, and sed to do some text parsing.

Hello everyone! This was the second forensics challenge from HackTheBox Cyber Apocalypse CTF 2022. Here, we were given an MS Windows registry file. After looking for tools to view windows registry files, I found regripper and fred are pretty amazing tools. In here, I will be using fred to extract powershell script out of it, and reglookup for dumping registry data quickly. Once loaded in fred, there was a lot of information, but as the first challenge was related to powershell,

This writeup is going to be about “Hashcash” challenge from UMDCTF - 2022. We were given a ip address and port where we could connect using netcat. It had “Hashcash” running there as a feature to prevent spam emails. Our goal was to pass the implemented hashcash mechanism to get the flag. First of all, let’s understand about hashcash. Hashcash is a proof-of-work system used to limit email spams and can also

Greetings! This writeup is going to be about “XORUA” challenge from UMDCTF - 2022. XOR Operation is performed on two png files to get the flag. Name of the challenge was XORUA. So, most likely it was related to XOR operation. We were given two image files with .png extension; Before.png and After.png. Before.png was a working png file while After.png was corrupted. So, the likely scenario could have been that the orginial image was XORed with something which resulted as corrupted After.

Greetings everyone! This writeup is going to be about my best challenge from HackTheBox University Ctf 2021. This challenge was named LightTheWay from SCADA category. The goal of the challenge was to change the traffic lights to let the vehicle pass through all the stops. Nmap, and Metasploit were used for enumeration, and a python script was created to automate all of the monotonous steps. We were given an ip 10.

Greetings Everyone! This writeup is going to be about The Vault challenge from HackTheBox University Ctf 2021. I will be using radare2 to do basic reverse engineering and solve this challenge. At the end, I will use r2pipe to automate the whole process. Simply running the binary with ./vault exits by showing the error message Could not find credentials Then, I used command rabin2 -z vault | less to see all the available strings.

This writeup is going to be about ‘Clutter Overflow’ challenge from the binary expoitation category of PicoGym. Radare2, and GDB will be used to solve this challenge. Binary Exploitation: Clutter Overflow Running the binary with sample input testinput does not affect the program, prints out code == 0x0 and code != 0xdeadbeef and simply exits. As the challenge title has the word overflow in it, most likely it’s a buffer overflow challenge.

Greetings everyone! This is going to be writeup about the challenge beginner-generic-pwn-number-0 of pwn category from RedPwnCTF 2021. Challenge 1: beginner-generic-pwn-number-0 Running the binary with sample input test simply exited the program with no error code, while running the binary with very long input threw segmentation fault error. So, the program had buffer overflow vulnerability. Then, I tried to find the number of bytes after which overflow occured. I printed a large number of ‘A’ character and passed it to the program, which caused program to crash with same segmentation fault error.