Another year, another Hackthebox Cyber Apocalypse! This year I was feeling pretty under the weather and so decided to mostly attempt the Forensics challenges.

On Monday, February 12th I had the opportunity to participate in shioCTF, a small CTF with the occasion of celebrating the host’s birthday (お誕生日おめでとう！). Below is a short writeup for the two Web challenges in it.

Sometimes you just don’t crack it

Having had the chance to participate in Hackthebox’s 2023 Cyber Apocalypse CTF event, I saw it fit to make a writeup for the challenges I managed to solve and explain the pitfalls encountered along the way.

Jumping over to the Web Exploitation category for a change

In which I continue through the General Skills section of picoCTF

The challenge

The “Stonks” challenge from picoCTF2021 presents us with a binary epxloitation excercise, we are supposed to connect via netcat to an address presented to us as nc mercury.picoctf.net 53437 and we have a downloadable file titled vuln.c.

What is picoCTF? (from official website)

picoCTF is a free computer security education program with original content built on a capture-the-flag framework created by security and privacy experts at Carnegie Mellon University.

The following are my writeups on the first few “General Skills” challenges.