January 2021

TIL: Tuples and Pattern Matching in C# switch Statements

by Daniel Bernegger
January 22, 2021January 22, 2021

TIL. abbreviation for today I learned
used in writing, for example on social media, before giving interesting new information

It may not happen all the time, but every now and then there are cases where a certain outcome is expected due to two or more variables. For example the help or validation text for variable min and max values. Until now I have solved this with these monstrous “if – else if” nestings:

by Jakob
January 1, 2021December 30, 2020

Challenge – Santa’s Secure Data Storage

In order to prevent the leakage of any flags, Santa decided to instruct his elves to implement a secure data storage, which encrypts all entered data before storing it to disk.

According to the paradigm Always implement your own crypto the elves designed a custom hash function for storing user passwords as well as a custom stream cipher, which is used to encrypt the stored data.…

HACKVent 2020 – Day 23

by Jakob
January 1, 2021December 30, 2020

Challenge – Those who make backups are cowards!

Santa tried to get an important file back from his old mobile phone backup. Thankfully he left a post-it note on his phone with the PIN. Sadly Rudolph thought the Apple was real and started eating it (there we go again…).…

HACKVent 2020 – Day 22

by Jakob
January 1, 2021December 30, 2020

Challenge – Padawanlock

A new apprentice Elf heard about “Configuration as Code”. When he had to solve the problem to protected a secret he came up with this “very sophisticated padlock”.

HV20D22.zip Download

Solution

Unpacking the .zip archive, we got a 19MB Linux executable.…

HACKVent 2020 – Day 21

by Daniel Bernegger
January 1, 2021December 30, 2020

Challenge – Threatened Cat

You can feed this cat with many different things, but only a certain kind of file can endanger the cat.

Do you find that kind of files? And if yes, can you use it to disclose the flag?…

HACKVent 2020 – Day 20

by Daniel Bernegger
January 1, 2021December 30, 2020

Challenge – Twelve steps of Christmas

On the twelfth day of Christmas my true love sent to me…
twelve rabbits a-rebeling,
eleven ships a-sailing,
ten (twentyfourpointone) pieces a-puzzling,
and the rest is history.

Hints

You should definitely give Bread’s famous easy perfect fresh rosemary yeast black pepper bread a try this Christmas!…

HACKVent 2020 – Day 19

by Daniel Bernegger
January 1, 2021December 30, 2020

Challenge – Docker Linter Service

Docker Linter is a useful web application ensuring that your Docker-related files follow best practices. Unfortunately, there’s a security issue in there…

Requirements

This challenge requires a reverse shell. You can use the provided Web Shell or the VPN to solve this challenge (see RESOURCES on top).…

HACKVent 2020 – Day 18

by Daniel Bernegger
January 1, 2021December 30, 2020

Challenge – Santa’s lost home

Santa has forgotten his password and can no longer access his data. While trying to read the hard disk from another computer he also destroyed an important file. To avoid further damage he made a backup of his home partition.…

HACKVent 2020 – Day 17

by Jakob
January 1, 2021February 11, 2022

Challenge – Santa’s Gift Factory Control

Santa has a customized remote control panel for his gift factory at the north pole. Only clients with the following fingerprint seem to be able to connect:

771,49162-49161-52393-49200-49199-49172-49171-52392,0-13-5-11-43-10,23-24,0

Mission: Connect to Santa’s super-secret control panel and circumvent its access controls.…

HACKVent 2020 – Day 16

by Daniel Bernegger
January 1, 2021December 30, 2020

Challenge – Naughty Rudolph

Santa loves to keep his personal secrets on a little toy cube he got from a kid called Bread. Turns out that was not a very good idea. Last night Rudolph got hold of it and frubl’d it about five times before spitting it out.…