<style> html, body, .ui-content { background-color: #171717; color: #ddd; } .markdown-body h1, .markdown-body h2, .markdown-body h3, .markdown-body h4, .markdown-body h5, .markdown-body h6 { color: #ddd; } .markdown-body h1, .markdown-body h2 { border-bottom-color: #ffffff69; } .markdown-body h1 .octicon-link, .markdown-body h2 .octicon-link, .markdown-body h3 .octicon-link, .markdown-body h4 .octicon-link, .markdown-body h5 .octicon-link, .markdown-body h6 .octicon-link { color: #fff; } .markdown-body img { background-color: transparent; } .ui-toc-dropdown .nav>.active:focus>a, .ui-toc-dropdown .nav>.active:hover>a, .ui-toc-dropdown .nav>.active>a { color: white; border-left: 2px solid white; } .expand-toggle:hover, .expand-toggle:focus, .back-to-top:hover, .back-to-top:focus, .go-to-bottom:hover, .go-to-bottom:focus { color: white; } .ui-toc-dropdown { background-color: #333; } .ui-toc-label.btn { background-color: #191919; color: white; } .ui-toc-dropdown .nav>li>a:focus, .ui-toc-dropdown .nav>li>a:hover { color: white; border-left: 1px solid white; } .markdown-body blockquote { color: #bcbcbc; } .markdown-body table tr { background-color: #5f5f5f; } .markdown-body table tr:nth-child(2n) { background-color: #4f4f4f; } .markdown-body code, .markdown-body tt { color: #eee; background-color: rgba(230, 230, 230, 0.36); } a, .open-files-container li.selected a { color: #5EB7E0; } </style> CyberMazeV3 === ## Table of Contents [TOC] ## Event description <div style="text-align:center"><img src="https://i.imgur.com/7RSNl2V.png" /></div> "CyberMaze" is a cybersecurity contest where participants must tackle a variety of cybersecurity puzzles and challenges scattered throughout the "Iset'com" environment. For this year's edition, we have selected the theme of "Harry Potter." Back story --- Back in 2020 [Aziz NEFZI ](https://www.linkedin.com/in/aziz-nefzi/) proposed this idea were players solve cyber-security like puzzles found around our university, back then Corona was at its peak, so we embraced the idea but postponed it until 2021, and we hosted the first edition, it wasn't that big of a deal, but we, and people who came, ejoyed the event, 2022 edition was themed "One Piece", and we started building tasks around the theme, this year(2023), we even decorated the platform([CTFd](https://github.com/CTFd/CTFd)) around the theme. Even the food was around the theme: <div style="display:flex;"> <img src="https://i.postimg.cc/hvVXMmBM/IMG-2999.jpg" style="width: 33.33%;box-sizing: border-box; margin: 0; "> <img src="https://i.postimg.cc/RhGBMCQ4/IMG-2998.jpg" style="width: 33.33%;box-sizing: border-box; margin: 0;"> <img src="https://i.postimg.cc/hjBWTQ2K/IMG-3000-1.jpg" style="width: 33.33%;box-sizing: border-box; margin: 0; "> </div> Planning --- The hardest part of the whole event is this one, making a plan for the tasks and categories, we agreed on making 6 categories, one for the welcome task, one for the final task, and 4 others, one for each house so we ended up with those 6 : - *Welcome* :hand: - *Gryffindor* :lion_face: - *Slytherin* :snake: - *Ravenclaw* 🦅 - *Hufflepuff* 🦡 - *Final Task* :end: Each category had a mixture of 2 or more CTF categories(rev, pwn, foren, web,etc...). Each and every category had Tasks following this layout : <br> <div style="text-align:center"><img src="https://i.postimg.cc/gjncQBwc/task-1.png" /></div> <br> For us, it went like this: - *Welcome* : had only one task included which was a "welcome task" providing a domain `welcome.events-spark.tech` and a port `1337`, using the netcat command, a script executes [welcome.sh](https://github.com/alternox1/CyberMaze-V3-CheatSheet/blob/main/welcome.sh), this is what you get: <iframe title="vimeo-player" src="https://player.vimeo.com/video/892670552?h=38999694f8" width="640" height="360" frameborder="0" allowfullscreen></iframe> > The link at the end takes you to [CyberMazeV3 CheatSheet](https://github.com/alternox1/CyberMaze-V3-CheatSheet/tree/main) It also provides a themed map for "Iset'com", which helps in other tasks : <center> <img src="https://i.postimg.cc/B6hDH4Mn/CMv3map.png" style="width:500px;"/> </center> <br> - ***Gryffindor*** : as for the tasks found on this category they were mainly a mixture between `WEB` and `OSINT`. - ***Slytherin*** : The challs on this category were mainly `REV` and `PWN`. - ***Ravenclaw*** : This category had `Foren` and `Crypto`. - ***Hufflepuff*** : It was all `MISC`(firmware, logic, etc...) - ***Final Task*** : After solving all the challs in all the categories, a final task would show up, each category provide a bonus task that has an image, which is an item the creator of the club had left(Gryffindor's Sword, Slytherin's Locket, Hufflepuff's Cup and Ravenclaw's Diadem). Uploading the images in the right order would return the flag.  Platform --- We Created a custom CTFd Theme around Harry Potter and It Looked Great :   ## Tech Team <iframe src="https://player.vimeo.com/video/897930043?badge=0&amp;autopause=0&amp;player_id=0&amp;app_id=58479" width="640" height="360" frameborder="0" allow="autoplay; fullscreen; picture-in-picture" title="CYBERMAZE_V3"></iframe> The team behind all of the technical aspects of the event : - [Mohamed Amin ROUISSI](https://www.linkedin.com/in/mohammed-amin-rouissi/) - [Bilel YAAKOUBI](https://www.linkedin.com/in/yaakoubi-bilel/) - [Ahmed Amin DERBALI](https://www.linkedin.com/in/ahmedaminederbali/) - [Nadhir ZOGHLAMI](https://www.linkedin.com/in/nadhir-zoghlami/) - [Mohamed Amine OUERFELLI](https://www.linkedin.com/in/mohamedamine-ouerfelli/) - [Mohamed Malek WERTATANI](https://www.linkedin.com/in/mohamed-malek-wertatani-92ba75268/) - [Mohamed Ali KAABI](https://www.linkedin.com/in/mohamed-ali-kaabi-999724219/) - [Baha Ben OTHMAN](https://www.linkedin.com/in/baha-ben-othman-974197244/) - [Dhia LABIEDH](https://www.linkedin.com/in/labiedh-dhia/) - [Ayoub FDHILA](https://www.linkedin.com/in/ayoubfdh/) :::info **Reach Out If You Have Questions** ::: ###### tags: `CyberMaze` `CTF` `Engineers Spark`