Another year, another Hackthebox Cyber Apocalypse! This year I was feeling pretty under the weather and so decided to mostly attempt the Forensics challenges.

NixOS is, against all prior expectations, pretty cool and intuitive to use.

On Monday, February 12th I had the opportunity to participate in shioCTF, a small CTF with the occasion of celebrating the host’s birthday (お誕生日おめでとう！). Below is a short writeup for the two Web challenges in it.

Sometimes you just don’t crack it

One of our web servers triggered an AV alert, but none of the sysadmins say they were logged onto it. We’ve taken a network capture before shutting the server down to take a clone of the disk. Can you take a look at the PCAP and see if anything is up?

Being a long-time player of roguelikes, I figured it was about time to dip my toes into the modding community for one of the games I’ve played the most and that (supposedly) boasts good modding capabilities.

And so began my fight against Caves of Qud, XML and even my own file system.

Having had the chance to participate in Hackthebox’s 2023 Cyber Apocalypse CTF event, I saw it fit to make a writeup for the challenges I managed to solve and explain the pitfalls encountered along the way.

Jumping over to the Web Exploitation category for a change

In which I continue through the General Skills section of picoCTF

The challenge

The “Stonks” challenge from picoCTF2021 presents us with a binary epxloitation excercise, we are supposed to connect via netcat to an address presented to us as nc mercury.picoctf.net 53437 and we have a downloadable file titled vuln.c.