Hidden four hasn’t got a description. As hidden four came out the same day as HV19.14 Achtung das Flag I thought it must be about that challenge. As the flag from HV19.14 looks pretty messed up, and as the code states at some point that Only perl can parse Perl!, I thought, maybe just run […]
The given Perl code is a game similar to the popular game Achtung, die Kurve!, also known as Curve Fever. We could play the game and move the curve using the keys n and m. When catching a displayed character, a new one would appear. As this is pretty hard I took a closer look at the source […]
So this time we got a web application and the corresponding – following – source code. The code creates a trie and stores the security token auth_token_4835989 and a string entered by the user in it. Later it checks if the trie contains the security token; if not, the flag is returned. I had a […]
The zip file contained an executable named BackToBasic.exe. The program takes a flag and tells us if the flag is wrong or right. As this was written in Visual Basic I used VB Decompiler to decompile the executable to Basic code. After some reading through the lines I found that the user input is compared with […]
Hidden three came out the same day as HV19.11 Frolicsome Santa Jokes API. And as the API was the first challenge where we had to deal with a remote server, maybe the flag is hidden on the remote server. A quick scan using nmap reveals that there is another port open: port 17. […]
The given API consists of three endpoints: /register, /login, /random. The workflow is the following: (1) register a user, (2) log in and retrieve the auth token, (3) get a random joke using the auth token. When creating a basic user, logging in and calling /random we would receive a JSON object containing the actual joke, the author of the joke and […]
When running the binary it asks for an input to validate. Entering test returns nooooh. try harder! So I thought that the right flag would be the valid input. Entering a single space or multiple characters separated by a space returns various bash errors. Firing up gdb shows that various subprocesses are spawned: first an […]
So the QR code looks broken. Doing a reverse image search on the first image reveals that the image was taken at Cambridge North railway station. The cladding of the building features a pierced design derived from Rule 30. So I thought maybe generate a Rule 30 image, put it over the QR code and […]
Introduction: You hacked into the system of very-secure-shopping.com and you found a SQL dump with $$ credit card numbers. As a good hacker you inform the company from which you got the dump. The managers tell you that they don’t worry, because the data is encrypted. Dump-File: dump.zip. Goal: Analyze the “Encryption” method and try to decrypt the flag. Hints […]
Again a hidden flag. Challenge Description: As Hidden Two came out at the same time as HV19.07 Santa Rider, I thought it might again be part of the challenge that also came out that day, like before with Hidden One. I thought it was odd that there was a download for a zip containing the video of […]