HackMD
Cyber Apocalypse 2021 Challenge Description
Warmup
Welcome!
Join our Discord Server and the CA-2021 channels…
Web
BlitzProp
A tribute page for the legendary alien band called BlitzProp!
Inspector Gadget
Inspector Gadget was known for having a multitude of tools available for every occasion. Can you find them all?
DaaS
We suspect this server holds valuable information that would further benefit our cause, but we've hit a dead end with this debug page running on a known framework called Laravel. Surely we couldn't exploit this further.. right?
MiniSTRyplace
Let's read this website in the language of Alines. Or maybe not?
Caas
cURL As A Service or CAAS is a brand new Alien application, built so that humans can test the status of their websites. However, it seems that the Aliens have not quite got the hang of Human programming and the application is riddled with issues.
Wild Goose Hunt
Outdated Alien technology has been found by the human resistance. The system might contain sensitive information that could be of use to us. Our experts are trying to find a way into the system. Can you help?
E.Tree
After many years where humans work under the aliens commands, they have been gradually given access to some of their management applications. Can you hack this alien Employ Directory web app and contribute to the greater human rebellion?
Extortion
We finished building sturdy space ships. Its time to get on-board and wipe enemy bases.
The Galactic Times
The Galactic Times is a monthly Alien newspaper that focuses on news from around the Galaxy. This month's issue is focused on the Human race and contains some very controversial articles. The newspaper reportedly contains a restricted endpoint with some Alien secrets. Can you find a way to view the forbidden pages?
Cessation
Enemy forces are using a stealthy device to penetrate into our country. We've identified its origin and its time cessate their strength and defend our country from the attack.
Millenium
We fall under attack by unknown forces and noticed a compromise of our military systems. Its time to show our power by sabotaging their equipment.
pcalc
A calculator service has been deployed at an enemy's agency, for their personel to be acquainted with human numbers. We need to inflitrate the application and get access to the secret flag stored inside it's system!
emoji voting
A place to vote your favourite and least favourite puny human emojis!
Artillery
We managed to gain access to an Alien Airbase application. Can you help us compromise it for further investigation?
Alien complaint form
The Aliens found a cool new security feature called CSP and have since implemented it into their HR Complaint Form. There are reports that any issues reported by humans are not taken into account and instead deleted. The Human resistance has left a backdoor in the website that can be used to acquire sensitive information from the Aliens. Can you find it?
Starfleet
Do you enjoy unaliving humans as much as the next guy?
Welcome to Starfleet academy, the place where your mass genocide dreams come true. Enroll today!
Bug Report
They say humans shall not take control to any of their resources. Can you prove them wrong without letting them know.
gcloud pwn
The aliens have discovered google cloud as their choice of preference for their hosting needs. And now they are using it to scrape the internet using their pdf generation proxy, what could go wrong?
http://162.222.183.14:1337/
http://162.222.183.14:1338/
http://162.222.183.14:1339/
http://162.222.183.14:2000/
Role name: pdfme-role@essential-hawk-310212.iam.gserviceaccount.com
Pwn
Controller
The extraterrestrials have a special controller in order to manage and use our resources wisely, in order to produce state of the art technology gadgets and weapons for them. If we gain access to the controller's server, we can make them drain the minimum amount of resources or even stop them completeley. Take action fast!
Minefield
We found one of the core power plants that drain all of our resources. One member of our team is an expert at mines. Plant the correct type of mine at the correct location to blow up the entire power plant, but be careful, otherwise we are all doomed!
System dROP
In the dark night, we managed to sneak in the plant that manages all the resources. Ready to deploy our root-kit and stop this endless draining of our planet, we accidentally triggered the alarm! Acid started raining from the ceiling, destroying almost everything but us and small terminal-like console. We can see no output, but it still seems to work, somehow..
Harvester
These giant bird-looking creatures come once a day and harvest everything from our farms, leaving nothing but soil behind. We need to do something to stop them, otherwise there will be no food left for us. It will be even better instead of stopping them, tame them and take advantage of them! They seem to have some artificial implants, so if we hack them, we can take advantage of them. These creatures seem to love cherry pies for some reason..
Save the environment
Extraterrestrial creatures have landed on our planet and drain every resource possible! Rainforests are being destroyed, the oxygen runs low, materials are hard to find. We need to protect our environment at every cost, otherwise there will be no future for humankind..
This challenge will raise 43 euros for a good cause.
Crypto
Nintendo Base64
Aliens are trying to cause great misery for the human race by using our own cryptographic technology to encrypt all our games.
Fortunately, the aliens haven't played CryptoHack so they're making several noob mistakes. Therefore they've given us a chance to recover our games and find their flags.
They've tried to scramble data on an N64 but don't seem to understand that encoding and ASCII art are not valid types of encryption!
PhaseStream 1
The aliens are trying to build a secure cipher to encrypt all our games called "PhaseStream". They've heard that stream ciphers are pretty good. The aliens have learned of the XOR operation which is used to encrypt a plaintext with a key. They believe that XOR using a repeated 5-byte key is enough to build a strong stream cipher. Such silly aliens! Here's a flag they encrypted this way earlier. Can you decrypt it (hint: what's the flag format?) 2e313f2702184c5a0b1e321205550e03261b094d5c171f56011904
PhaseStream 2
The aliens have learned of a new concept called "security by obscurity". Fortunately for us they think it is a great idea and not a description of a common mistake. We've intercepted some alien comms and think they are XORing flags with a single-byte key and hiding the result inside 9999 lines of random data, Can you find the flag?
PhaseStream 3
The aliens have learned the stupidity of their misunderstanding of Kerckhoffs's principle. Now they're going to use a well-known stream cipher (AES in CTR mode) with a strong key. And they'll happily give us poor humans the source because they're so confident it's secure!
SoulCrabber
Aliens heard of this cool newer language called Rust, and hoped the safety it offers could be used to improve their stream cipher.
Forge of Empires
Over thousands of miles, a messenger from the East has arrived with the sacred text. To enable PHOTON MAN and crush the aliens with your robot troopers, the messenger needs you to sign your message!
Little Nightmares
Never in your darkest momements did your childhood fears prepare you for an alien invasion. To make matters worse, you've just been given a Little homework by the Lady. Defeat this and she we retreat into the night.
PhaseStream 4
The aliens saw us break PhaseStream 3 and have proposed a quick fix to protect their new cipher.
RSA jam
Even aliens have TLA agencies trying to apply rubber hose cryptanalysis.
SoulCrabber 2
Aliens realised that hard-coded values are bad, so added a little bit of entropy.
Super Metroid
Samus needs our help! After a day of burning out her Arm Cannon, blasting Metroids and melting the Mother Brain, she's found her ship's maps have all been encrypted. Lucky for her, these aliens still don't know what they're doing and are trying to roll their own crypto. Can you recover the flag from their elliptic protocol?
Tetris
It seems the aliens might be living backwards in time, so now we're suddenly seeing completely different and older kinds of cipher too. The flag consists entirely of uppercase characters, and is of the form CHTB{SOMETHINGHERE}. You'll still have to insert the {} yourself.
RuneScape
This is an old game, and seeing how big the output file is, I understand where the M in MMO comes from…
Wii Phit
The aliens have encrypted our save file from Wii Phit and we're about to lose our 4,869 day streak!! They're even taunting us with a hint. I think the alien's are getting a bit over-confident if you ask me.
Hyper Metroid
Dropping a morph ball bomb, Samus cracked open the floor and dropped down into the guts of Phaaze. At the end of the tunnel is a locked chest containing the hyper beam upgrade. Samus found the encrypted key preserved in a ball of glowing biomass, but can't decode it. Help Samus capture the flag so she can eradicate the alien invasion once and for all.
SpongeBob SquarePants: Battle for Bikini Bottom – Rehydrated
Wait, spongebob and squarepants don't hash to the same thing?
This challenge will raise 120 euros for a good cause.
Tetris 3D
With all the timey-wimey weirdness going on, I have no idea if the aliens encrypted this before or after the tetris game. All I know is that I want my games back! The flag consists entirely of uppercase characters, and is of the form CHTB{SOMETHINGHERE}. You'll still have to insert the {} yourself.
Reversing
Authenticator
We managed to steal one of the extraterrestrials' authenticator device. If we manage to understand how it works and get their credentials, we may be able to bypass all of their security locked doors and gain access everywhere!
Passphrase
You found one of their space suits forgotten in a room. You wear it, but before you go away, a guard stops you and asks some questions..
Backdoor
One of our friends has left a backdoor on the extraterrestrials' server. If we manage to take advantage of it, we will be able to control all the doors and lock them outside or open doors to facilites we have no access.
Alienware
We discovered this tool in the E.T. toolkit which they used to encrypt and exfiltrate files from infected systems. Can you help us recover the files?
Oldest trick in the book
A data breach has been identified. The invaders have used the oldest trick in the book. Make sure you can identify what got stolen from us.
Key mission
The secretary of earth defense has been kidnapped. We have sent our elite team on the enemy's base to find his location. Our team only managed to intercept this traffic. Your mission is to retrieve secretary's hidden location.
Invitation
Last night I recieved an invitation, but after I accepted, some wierd things happend in my computer.
AlienPhish
This PowerPoint presentation was sent to the top leadership of the human resistance effort. We believe it was an attempt by the aliens to phish into our networks. Find the malicious payload and the flag.
Low Energy Crypto
Aliens are using a human facility as a storage unit. The owners of the facility said their access credentials stopped working, but it's based on Bluetooth LE. We managed to install a Bluetooth LE sniffer close to the entrance, and captured some packets. Can you manage to get the access credentials from this capture?
Hardware
Serial Logs
We have gained physical access to the debugging interface of the Access Control System which is based on a Raspberry Pi-based IoT device. We believe that the log messages of this device contain valuable information of when our asset was abducted
Compromised
An embedded device in our serial network exploited a misconfiguration which resulted in the compromisation of several of our slave devices in it, leaving the base camp exposed to intruders. We must find what alterations the device did over the network in order to revert them before its too late
Secure
We need to find cover before the invasion begins but unfortunately, the bunker is secured by a smart door lock. The keys of the device are stored in an external microSD connected with wiring with the unsecured part of the device enabling us to capture some traces while trying random combinations. Can you recover the key?
Off the grid
One of our agents managed to store some valuable information in an air-gapped hardware password manage and delete any trace of them in our network before it got compromised by the invaders but the device got damaged during transportation and its OLED screen broke. We need help to recover the information stored in it!
Discovery
Enemy troops are approaching. There's no time to locate the plane. Help us in tracking them down.
Hidden
We found a set of devices connected to our serial network that are transmiting encrypted messages. We believe that some of them are still active in our network and thus we captured a sample trace for analysis. The firmware from the devices we already removed will help you with your mission
Misc
Alien Camp
The Ministry of Galactic Defense now accepts human applicants for their specialised warrior unit, in exchange for their debt to be erased. We do not want to subject our people to this training and to be used as pawns in their little games. We need you to answer 500 of their questions to pass their test and take them down from the inside.
Input as a Service
In order to blend with the extraterrestrials, we need to talk and sound like them. Try some phrases in order to check if you can make them believe you are one of them.
Build yourself in
The extraterrestrials have upgraded their authentication system and now only them are able to pass. Did you manage to learn their language well enough in order to bypass the the authorization check?
Robotic Inflitration
We were able to hack a robot that was operating at a target facility and log its readings using ROS. The robot has an advanced lidar scanner, and these readings should allow us to rebuild the plan for the facility, and will be essential for the next steps of our mission. drive.google.com/file/d/168_fK5H_ZFwIg-fA4iZ_1XAWB3Vg3obR
Alienspeak
We were able to capture a digital audio stream of what we believe is alien communication. We had scientists building a machine learning model to be able to decode alien language, but they went… on vacation. We recovered some of their files though, and they should help us to recover valuable information from this stream.
Close the door
The extraterrestrials have been chasing us for hours but we managed to escape by hiding in one of the power plants. We closed the door and kept them away. The only problem is that we do not know the secret password to open the emergency door and escape. If we do not manage to unlock the door, we are doomed!
