TIL: Don’t use GUIDs as HTML IDs

02-16-2021 - 0 minutes, 46 seconds - Web

TIL: abbreviation for "today I learned", used in writing, for example on social media, before giving interesting new information

It is not logical at all at first sight. Sometimes my GUIDs work as IDs for HTML tags, sometimes not. Today I learned why.


HACKvent 2020 - Day 24

01-01-2021 - 9 minutes, 33 seconds - CTF Reverse Engineering

Challenge - Santa's Secure Data Storage

In order to prevent the leakage of any flags, Santa decided to instruct his elves to implement a secure data storage, which encrypts all entered data before storing it to disk.

According to the paradigm "Always implement your own crypto" the elves designed...


HACKvent 2020 - Day 23

01-01-2021 - 3 minutes, 26 seconds - CTF

Challenge - Those who make backups are cowards!

Santa tried to get an important file back from his old mobile phone backup. Thankfully he left a post-it note on his phone with the PIN. Sadly Rudolph thought the Apple was real and started eating it (there we go again...). Now only the first of eigh...


HACKvent 2020 - Day 22

01-01-2021 - 2 minutes, 16 seconds - CTF Reverse Engineering

Challenge - Padawanlock

A new apprentice Elf heard about "Configuration as Code". When he had to solve the problem to protect a secret he came up with this "very sophisticated padlock".

HV20D22.zip

Solution

Unpacking the .zip archive, we got a 19MB Linux executable. That's large. But maybe...


HACKvent 2020 - Day 21

01-01-2021 - 1 minute, 49 seconds - CTF

Challenge - Threatened Cat

You can feed this cat with many different things, but only a certain kind of file can endanger the cat.

Do you find that kind of files? And if yes, can you use it to disclose the flag? Ahhh, by the way: The cat likes to hide its stash in /usr/bin/catnip.txt.

Note:...


HACKvent 2020 - Day 20

01-01-2021 - 3 minutes, 26 seconds - CTF

Challenge - Twelve steps of Christmas

On the twelfth day of Christmas my true love sent to me...
twelve rabbits a-rebeling,
eleven ships a-sailing,
ten (twentyfourpointone) pieces a-puzzling,
and the rest is history.


HACKvent 2020 - Day 19

01-01-2021 - 1 minute, 0 seconds - CTF

Challenge - Docker Linter Service

Docker Linter is a useful web application ensuring that your Docker-related files follow best practices. Unfortunately, there’s a security issue in there…

Requirements

This challenge requires a reverse shell. You can use the provided Web Shell or the VPN to so...


HACKvent 2020 - Day 18

01-01-2021 - 2 minutes, 8 seconds - CTF

Challenge - Santa's lost home

Santa has forgotten his password and can no longer access his data. While trying to read the hard disk from another computer he also destroyed an important file. To avoid further damage he made a backup of his home partition. Can you help him recover the data?

When...


HACKvent 2020 - Day 17

01-01-2021 - 3 minutes, 57 seconds - CTF

Challenge - Santa's Gift Factory Control

Santa has a customized remote control panel for his gift factory at the north pole. Only clients with the following fingerprint seem to be able to connect:

771,49162-49161-52393-49200-49199-49172-49171-52392,0-13-5-11-43-10,23-24,0

Mission: Connect to...


HACKvent 2020 - Day 16

01-01-2021 - 3 minutes, 11 seconds - CTF

Challenge - Naughty Rudolph

Santa loves to keep his personal secrets on a little toy cube he got from a kid called Bread. Turns out that was not a very good idea. Last night Rudolph got hold of it and frubl’d it about five times before spitting it out. Look at it! All the colors have come off! Nau...
