Skip to content

Official writeups for Business CTF 2024: The Vault Of Hope

Notifications You must be signed in to change notification settings

hackthebox/business-ctf-2024

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

HTB

Category Name Objective Difficulty [⭐⭐⭐⭐⭐]
Reversing FlagCasino Reversing a rand based flag checker
Reversing SnappedShut Reversing a backdoored v8 snapshot ⭐⭐
Reversing Don't Panic Reversing the use of Rust unwind catching ⭐⭐
Reversing TunnelMadness Solving a 3D maze embedded in a binary ⭐⭐⭐
Reversing SatelliteHijack Reversing a multi-layered ifunc based backdoor ⭐⭐⭐⭐
Crypto eXciting Outpost Recon Recover XOR key given known plaintext
Crypto Living with Elegance Solve decisional problem based on LWE outputs ⭐⭐
Crypto Bloom Bloom Obtain the key derived from BBS outputs and then SSS ⭐⭐
Crypto Not that random Identify fake outputs from a custom vulnerable HMAC ⭐⭐⭐
Crypto Blessed Crack EC-PRNG with LLL + Cheat custom ZKP + Rogue Key Attack ⭐⭐⭐⭐
Blockchain Recruitment Interact with the infrastructure and solve the challenge by satisfying transaction constraints.
Blockchain NotADemocraticElection Common signature forgery attack. ⭐⭐
Blockchain MetaVault Self verification of smart contracts and how "secrets" can sometimes be hidden in the metadata. ⭐⭐
Blockchain Brokenswap Steal funds from a DEX ⭐⭐⭐
Cloud Scurried
Cloud MetaRooted ⭐⭐
Cloud Protrude ⭐⭐
Cloud CloudOfSmoke ⭐⭐⭐
Cloud Asceticism ⭐⭐⭐⭐⭐
Coding Computational Recruiting Sort based on parsed data computed with formulas
Coding Bag Secured Implement an algorithm to solve the knapsack problem ⭐⭐
Coding Dynamic Paths Implement a dynamic programming algorithm to solve the minimum path sum problem ⭐⭐
Coding Branching Tactics Traverse a tree efficiently using binary lifting ⭐⭐⭐
Coding Nothing Without A Cost DP with an optimized divide and conquer approach ⭐⭐⭐⭐
Forensics Caving PowerShell event log analysis
Forensics Silicon Data Sleuthing OpenWRT firmware analysis ⭐⭐
Forensics Tangled Heist LDAP network traffic analysis ⭐⭐
Forensics Mitigation XZ Backdoor detection and mitigation ⭐⭐⭐
Forensics Counter Defensive Kovter based registry persistence analysis and Telegram evidence dump ⭐⭐⭐⭐
Hardware It's Oops PM VHDL backdoor
Hardware Say Cheese! Camera firmware backdoor ⭐⭐
Hardware Six Five O Two Flashing 6502 CPU ⭐⭐⭐
Misc Aptitude Test Connect to a socket via nc and send answers
Misc Chrono Mind LM context injection with path-traversal, LM code completion RCE. ⭐⭐
Misc Hidden Path Analyse a JavaScript file to find a backdoor using invisible characters and use the backdoor for RCE ⭐⭐
Misc Locked Away Simple PyJail, clearing blacklist ⭐⭐
Misc Super-Duper Pwn vm2 bypass js bot ⭐⭐
Misc Prison Pipeline SSRF exfiltrate private NPM registry token, RCE via supply-chain attack ⭐⭐⭐
Misc Zephyr git and sqlite recon ⭐⭐⭐
Pwn Regularity ret2reg to run custom shellcode
Pwn Abyss Abusing lack of null-byte termination ⭐⭐
Pwn No Gadgets Buffer overflow with missing gadgets, complicating leaking and exploitation ⭐⭐
Pwn Insidious Cache side-channel attack to leak flag location ⭐⭐⭐
Pwn Pyrrhus V8 UAF ⭐⭐⭐⭐
Web Jailbreak XXE
Web Blueprint Heist wkhtmltopdf exploit -> LFI -> GraphQL SQLi -> regex bypass -> RCE ⭐⭐⭐
Web HTB Proxy DNS re-binding => HTTP smuggling => command injection ⭐⭐⭐
Web Magicom register_argc_argv manipulation -> DOMXPath PHAR deserialization -> config injection -> command injection ⭐⭐⭐
Web OmniWatch CRLF injection -> header injection -> cache poisoning -> CSRF -> LFI + SQLi -> beat JWT protection ⭐⭐⭐⭐
Web SOS or SSO? VueJS XSS -> OpenID IdP manipulation -> SQLi ⭐⭐⭐⭐

About

Official writeups for Business CTF 2024: The Vault Of Hope

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published