Hack The Boo 2024 - Competition
Celebrate Halloween with spooky cybersecurity challenges! Test your skills and join the fun!
Coding
Replacement
MiniMax
Difficulty - Easy
A cursed spell has altered a scroll, changing key letters. Replace the haunted letter with a random one to break the curse!

Code Summary
Inputs: The user provides a string and two values.
Replacement: It replaces all occurrences of the first value in the string with the second value.
Output: The modified string is printed.
Difficulty - Easy
In a haunted graveyard, spirits hide among the numbers. Can you identify the smallest and largest among them before they vanish?

Code Summary
Input: The user inputs a string of numbers separated by spaces.
Conversion: It converts the string into a list of floats, ignoring any empty values.
Sorting: The list of numbers is sorted.
Finding Extremes:
least: The smallest number in the list.
highest: The largest number in the list.
Output: It prints the smallest and largest numbers.
Crypto
binary basis
hybrid unifier
Difficulty - Easy
In the depths of an old tomb, a cryptic puzzle guarded a powerful relic. Many had attempted to break its code, but none had succeeded. This time, a daring cryptographer discovered a faint inscription on the wall—a clue, seemingly meaningless, about pairs and shadows of two. As they delved into the cipher, the hint began to make sense, guiding their steps through the labyrinth of numbers. But as the final secret unraveled, the crypt echoed with a low whisper: "Some things are better left in darkness." The relic was revealed, but the curse had only just begun.
This code attempts to recover a flag encrypted with RSA using a provided set of parameters. Let's break down its main steps and purpose:
Parameter Extraction: It reads values of n (modulus), e (public exponent), c (ciphertext), and an extra variable treat from an output.txt file.
Prime Factor Recovery:
The code aims to retrieve the prime factors of n from treat by extracting prime numbers using bit shifts and modulus operations. These primes are likely used to reconstruct n, representing an RSA modulus.
Private Key Calculation:
Using the recovered prime factors, the code computes ϕ(n) (Euler's totient), which is essential for calculating the RSA private key, d, as the modular inverse of e modulo ϕ(n).
Decryption of Ciphertext:
Finally, the ciphertext c is decrypted using the private key d to get the original message m.
long_to_bytes converts the integer message m into a byte string, assumed to be the flag.
Points of Consideration
Prime Calculation: The code for treat likely assumes some specific RSA key generation behavior, such as primes structured in a certain way. Make sure this operation aligns with the actual RSA key structure for the encryption scheme.
Error Handling: Adding error handling for file reading and modular inversions (in case of issues with inverse) can help avoid runtime errors.
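The recovery steps above as an added example, not the challenge's solver or the author's script. The packing layout (one prime per fixed 128-bit field of the leak), the sample primes and the sample flag are assumptions constructed for illustration, since the page does not show how treat is built.

```python
from math import prod

FIELD_BITS = 128  # assumed width of each packed prime inside the leak


def unpack_primes(leak, count, field_bits=FIELD_BITS):
    """Slice `count` fixed-width fields out of the leak with shifts and a mask."""
    mask = (1 << field_bits) - 1
    return [(leak >> (i * field_bits)) & mask for i in range(count)]


def recover_plaintext(n, e, c, leak, count):
    primes = unpack_primes(leak, count)
    # Sanity check: a wrong layout yields values that do not rebuild n.
    if prod(primes) != n:
        raise ValueError("unpacked values do not multiply to n")
    # For distinct primes, phi(n) is the product of (p - 1).
    phi = prod(p - 1 for p in primes)
    try:
        d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    except ValueError as exc:
        raise ValueError("e is not invertible modulo phi(n)") from exc
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


# Constructed sample data: four Mersenne primes stand in for the real factors.
PRIMES = [2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]
N = prod(PRIMES)
E = 65537
LEAK = sum(p << (i * FIELD_BITS) for i, p in enumerate(PRIMES))
MESSAGE = b"HTB{constructed_example}"
C = pow(int.from_bytes(MESSAGE, "big"), E, N)

if __name__ == "__main__":
    print(recover_plaintext(N, E, C, LEAK, len(PRIMES)))
```

Any value that lets the factors of n be read back with shifts and masks is equivalent to publishing the private key, however many primes the modulus has.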
Difficulty - Easy
In the depths of an ancient library, an old manuscript held the key to an unseen power. Scholars who dared to unlock its secrets would first exchange a series of encrypted symbols, forming a bond no one could break. As they secured their connection, layers of protection wrapped around them like invisible chains. But as the final cipher was set, a chilling realization struck—the connection they forged was now bound to something far darker, something watching from the shadows.
Purpose: The code connects to a server, performs a Diffie-Hellman key exchange to securely share a session key, receives a challenge, and uses the session key to request a "flag" (a secret message).
Main Steps:
Request Session Parameters (request_session_parameters):
Connects to the server and requests Diffie-Hellman parameters, g and p, which are used to create a secure key exchange.
Initialize Session and Key Exchange (init_session):
The client generates its own private and public keys and shares the public key with the server.
Receives the server’s public key, then combines it with the client’s private key to calculate a shared session key.
Hashes this session key using SHA-256 to produce a secure encryption key.
Request Challenge (request_challenge):
Requests an encrypted challenge from the server, which is then decoded and used to authenticate the session.
Authenticate and Request Flag (access_secret):
Decrypts the Challenge: Uses the session key and AES decryption to decode the server's challenge.
Create and Send Action Packet: Encrypts a message asking for the "flag" (secret message) and sends it to the server.
Decrypt the Flag: Receives the encrypted flag, then uses the session key to decrypt it and finally displays it.
Error Handling: If any step fails (like an error response from the server), it prints an error message.
This code sets up a secure communication session with a server, authenticates with it, and retrieves a secret message by following a sequence of encrypted requests and responses. The steps include key exchange, encryption, decryption, and communication with server APIs to ensure data is securely transferred.
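The key agreement and SHA-256 derivation steps above, with both sides shown, as an added example that is not the challenge's client or server code. The toy modulus, the generator, the fixed-length big-endian encoding of the shared value and the range check on the peer's public key are assumptions; the AES steps are left out because the page does not give the cipher mode or packet format.

```python
import hashlib
import secrets

# Constructed toy parameters: a 127-bit Mersenne prime, far too small for real use.
P = 2**127 - 1
G = 3


class Party:
    """One side of the exchange (client or server)."""

    def __init__(self, g, p):
        self.g, self.p = g, p
        self.private = secrets.randbelow(p - 3) + 2  # uniform in [2, p-2]
        self.public = pow(g, self.private, p)

    def session_key(self, peer_public):
        # Reject degenerate values (0, 1, p-1, out of range) that would force
        # the shared secret into a tiny, guessable set.
        if not 2 <= peer_public <= self.p - 2:
            raise ValueError("peer public key outside [2, p-2]")
        shared = pow(peer_public, self.private, self.p)
        raw = shared.to_bytes((self.p.bit_length() + 7) // 8, "big")
        return hashlib.sha256(raw).digest()  # 32-byte symmetric key


def run_exchange(g=G, p=P):
    """Return the key each side derives after swapping public keys."""
    client, server = Party(g, p), Party(g, p)
    return client.session_key(server.public), server.session_key(client.public)


if __name__ == "__main__":
    client_key, server_key = run_exchange()
    print(client_key.hex(), client_key == server_key)
```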
Web
WayWitch
Cursed Stale Policy
Difficulty - Easy
NOTE: Access through https://[IP]:[PORT]/
Hidden in the shadows, a coven of witches communicates through arcane tokens, their messages cloaked in layers of dark enchantments. These enchanted tokens safeguard their cryptic conversations, masking sinister plots that threaten to unfold under the veil of night. However, whispers suggest that their protective spells are flawed, allowing outsiders to forge their own charms. Can you exploit the weaknesses in their mystical seals, craft a token of your own, and infiltrate their circle to thwart their nefarious plans before the next moon rises?
First, you need to grab the cookie session token from the website using Burp.

We already saw a secret key in the source code.

Now copy the session token and go to the official jwt.io website.

Put your token in the Encoded section and change your username from "guest_1234" to "admin". Then copy the encoded token again, and do not click on the "secret base64 encoded" option.
Now go back to the challenge website again and add /tickets.

Go to the storage section, remove the old value of the session token, and paste the new value from the JWT website.

Then just refresh the website; now we can see the flag or press Ctrl + F to find 'HTB{'.
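Why the steps above work, as an added example that is not the challenge's code: an HS256 check only proves the signer held the key, so a key readable in the page source makes every claim untrustworthy. The key values and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims, key):
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(mac)}"


def verify_hs256(token, key):
    """Return the claims if the MAC checks out under `key`, else None."""
    try:
        header, body, mac = token.split(".")
        alg = json.loads(b64url_decode(header)).get("alg")
        given = b64url_decode(mac)
    except (ValueError, AttributeError):
        return None
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if alg != "HS256" or not hmac.compare_digest(given, expected):
        return None
    return json.loads(b64url_decode(body))


# Constructed keys: one shipped to the browser, one that never leaves the server.
EXPOSED_KEY = b"constructed-key-visible-in-page-source"
SERVER_ONLY_KEY = secrets.token_bytes(32)


def demo():
    """A token minted with the exposed key passes only where that key is trusted."""
    token = sign_hs256({"username": "admin"}, EXPOSED_KEY)
    return verify_hs256(token, EXPOSED_KEY), verify_hs256(token, SERVER_ONLY_KEY)
```

The mitigation is to sign and verify only on the server with a key generated there, and to rotate any key that has ever appeared in client-side code.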
Difficulty - Easy
In the darkest corners of the haunted web lies a forsaken domain ensnared by the Curse Stale Policy. This eerie enchantment was crafted to repel unwelcome scripts using ever-changing magical wards. Yet, tales from bold adventurers whisper of a flaw in this spectral defense. The protective incantations, meant to renew with each heartbeat, are in fact stagnant and stale, repeating the same old verse. The specter's supposed dynamic charms have become predictable echoes, their once-mighty power diminished by the passage of time. Can you exploit this overlooked vulnerability, breach the stagnant barrier, and uncover the secrets hidden within before the specter realizes his oversight?
First, you need to find the nonce value from the source code. Just use Ctrl + U to open the source, and then find the value using Ctrl + F.
Just copy the value.

I'm using a script to get the request history.
The nonce value is dynamic, so add your nonce value to get the request history.
Just trigger the bot and scroll down; you will find the request history. Open any history, and you will find the flag.


Hehe, here is your flag.
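A check for the stale-nonce condition this challenge is built on, plus a per-response nonce generator, as an added example that is not the challenge's code. The header strings and function names are constructed for illustration.

```python
import re
import secrets

NONCE_RE = re.compile(r"'nonce-([A-Za-z0-9+/_=-]+)'")


def extract_nonces(csp_header):
    """Return the set of nonce values named in one Content-Security-Policy header."""
    return set(NONCE_RE.findall(csp_header))


def stale_nonces(csp_headers):
    """Return nonces that appear in more than one response's CSP header."""
    seen, reused = set(), set()
    for header in csp_headers:
        for nonce in extract_nonces(header):
            if nonce in seen:
                reused.add(nonce)
            seen.add(nonce)
    return reused


def build_csp():
    """Generate a fresh, unpredictable nonce for a single response."""
    nonce = secrets.token_urlsafe(16)
    header = f"default-src 'self'; script-src 'nonce-{nonce}'"
    return nonce, header


# Constructed sample: two responses from a server that caches its nonce.
STALE_RESPONSES = [
    "default-src 'self'; script-src 'nonce-Zm9vYmFyMTIz'; style-src 'nonce-Zm9vYmFyMTIz'",
    "default-src 'self'; script-src 'nonce-Zm9vYmFyMTIz'; style-src 'nonce-Zm9vYmFyMTIz'",
]

if __name__ == "__main__":
    print("reused:", stale_nonces(STALE_RESPONSES))
    print("reused:", stale_nonces([build_csp()[1] for _ in range(5)]))
```

A nonce that repeats across responses can be read from the page once and attached to any later inline script, which reduces the policy to the equivalent of 'unsafe-inline'.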
Pwn
El Pipo
El Mundo
Difficulty - Easy
Visit the challenge website, put this in the submit section and click on Submit, you can find the flag easily.

Here is your flag.
Difficulty - Easy
Here is the script to grab the flag.
Setup: The script sets up an environment using pwn for local or remote interaction.
Configurations:
Sets LOCAL to determine if it should run locally or remotely.
Default IP and port values are set, with command-line options for remote adjustments.
Payload Construction:
Defines a read_flag function address and creates a payload to overflow and call it.
Execution:
Sends the payload, waits for a response, and searches for the flag (HTB) in the response.
Output:
Prints the flag if found; otherwise, it indicates that no flag was retrieved.
This script is structured to handle both local and remote testing, automating payload delivery and response parsing for flag capture.
Reversing
LinkHands
Terrorfryer
Difficulty - Easy
I was just trying to check if xxd works, but the reverse challenge is very easy, and we can see the flag easily.
We just need to rearrange the flag's format.
Here is your flag.
Difficulty - Easy
It's an easy challenge, but I rate it as medium level.
Code Summary
Functions:
encontrar_indices(alfabeto, cadena): Finds the positions of characters from alfabeto in cadena and returns their indices.
reinventar(resultado, alfabeto): Uses the indices to create a new string from alfabeto.
Process:
Takes an alfabeto and a scrambled version of it.
Finds where each character appears and returns their indices.
Rearranges a secret string using those indices.
Example:
Just run the code, and you will see the decrypted flag value.
Here is your flag.