January 2021

HACKVent 2020 – Day 24

  • by

Challenge – Santa’s Secure Data Storage

In order to prevent the leakage of any flags, Santa decided to instruct his elves to implement a secure data storage, which encrypts all entered data before storing it to disk.

According to the paradigm Always implement your own crypto the elves designed a custom hash function for storing user passwords as well as a custom stream cipher, which is used to encrypt the stored data.…

HACKVent 2020 – Day 23

  • by

Challenge – Those who make backups are cowards!

Santa tried to get an important file back from his old mobile phone backup. Thankfully he left a post-it note on his phone with the PIN. Sadly Rudolph thought the Apple was real and started eating it (there we go again…).…

HACKVent 2020 – Day 22

  • by

Challenge – Padawanlock

A new apprentice Elf heard about “Configuration as Code”. When he had to solve the problem to protected a secret he came up with this “very sophisticated padlock”.

Solution

Unpacking the .zip archive, we got a 19MB Linux executable.…

HACKVent 2020 – Day 21

Challenge – Threatened Cat

You can feed this cat with many different things, but only a certain kind of file can endanger the cat.

Do you find that kind of files? And if yes, can you use it to disclose the flag?…

HACKVent 2020 – Day 19

Challenge – Docker Linter Service

Docker Linter is a useful web application ensuring that your Docker-related files follow best practices. Unfortunately, there’s a security issue in there…

Requirements

This challenge requires a reverse shell. You can use the provided Web Shell or the VPN to solve this challenge (see RESOURCES on top).…

HACKVent 2020 – Day 18

Challenge – Santa’s lost home

Santa has forgotten his password and can no longer access his data. While trying to read the hard disk from another computer he also destroyed an important file. To avoid further damage he made a backup of his home partition.…

HACKVent 2020 – Day 17

  • by

Challenge – Santa’s Gift Factory Control

Santa has a customized remote control panel for his gift factory at the north pole. Only clients with the following fingerprint seem to be able to connect:

771,49162-49161-52393-49200-49199-49172-49171-52392,0-13-5-11-43-10,23-24,0

Mission: Connect to Santa’s super-secret control panel and circumvent its access controls.…

HACKVent 2020 – Day 16

Challenge – Naughty Rudolph

Santa loves to keep his personal secrets on a little toy cube he got from a kid called Bread. Turns out that was not a very good idea. Last night Rudolph got hold of it and frubl’d it about five times before spitting it out.…

HACKVent 2020 – Day 15

  • by

Challenge – Man Commands, Server Lost

Introduction

Elf4711 has written a cool front end for the linux man pages. Soon after publishing he got pwned. In the meantime he found out the reason and improved his code. So now he is sure it’s unpwnable.Notes…