# Hack the Box - Cyber Apocalypse 2021 ## Web ### BlitzProp - 1000 Points - 1 star > A tribute page for the legendary alien band called BlitzProp! This challenge will raise 33 euros for a good cause. The flag exists at `/flag[5-random-alnum]`. There doesn't appear to be any LFI. The falw appears to be with the following code: ```python router.post('/api/submit', (req, res) => { const { song } = unflatten(req.body); if (song.name.includes('Not Polluting with the boys') || song.name.includes('ASTa la vista baby') || song.name.includes('The Galactic Rhymes') || song.name.includes('The Goose went wild')) { return res.json({ 'response': pug.compile('span Hello #{user}, thank you for letting us know!')({ user:'guest' }) }); } else { return res.json({ 'response': 'Please provide us with the name of an existing song.' }); } }); ``` I would bet that the trick is to modify the user from guest to something malicious... ### InspectorGadget - 1000 Points - 1 star > Inspector Gadget was known for having a multitude of tools available for every occasion. Can you find them all? This challenge will raise 33 euros for a good cause. The page contains the text `CHTB{` Viewing the elements reveals a comment `1nsp3ction_` The script at `/static/js/main.js` contains `console.log("us3full_1nf0rm4tion}");` `/static/css/main.css` contains `/* c4n_r3ve4l_ */` **Flag:** CHTB{1nsp3ction_c4n_r3ve4l_us3full_1nf0rm4tion} ### DaaS - 1000 Points - 1 star ### MiniSTRyplace - 1000 Points - 1 star ### Caas - 1000 Points - 2 star ### Wild Goose Hunt - 1000 Points - 2 stars ### E.Tree - 1000 Points - 2 stars > After many years where humans work under the aliens commands, they have been gradually given access to some of their management applications. Can you hack this alien Employ Directory web app and contribute to the greater human rebellion?<br>This challenge will raise 43 euros for a good cause. I'm assuming this is an XML injection, the downloaded file has the following: ```xml= <?xml version="1.0" encoding="utf-8"?> <military> <district id="confidential"> <staff> <name>confidential</name> <age>confidential</age> <rank>confidential</rank> <kills>confidential</kills> </staff> <staff> <name>confidential</name> <age>confidential</age> <rank>confidential</rank> <kills>confidential</kills> </staff> <staff> <name>confidential</name> <age>confidential</age> <rank>confidential</rank> <kills>confidential</kills> <selfDestructCode>CHTB{f4k3_fl4g</selfDestructCode> </staff> </district> <district id="confidential"> <staff> <name>confidential</name> <age>confidential</age> <rank>confidential</rank> <kills>confidential</kills> </staff> <staff> <name>confidential</name> <age>confidential</age> <rank>confidential</rank> <kills>confidential</kills> <selfDestructCode>_f0r_t3st1ng}</selfDestructCode> </staff> <staff> <name>confidential</name> <age>confidential</age> <rank>confidential</rank> <kills>confidential</kills> </staff> </district> </military> ``` ### Extortion - 1000 Points - 2 stars ### The Galactic Times - 1000 Points - 2 stars ### Cessation - 1000 Points - 2 stars ### Millenium - 1000 Points - 2 stars > We fall under attack by unknown forces and noticed a compromise of our military systems. Its time to show our power by sabotaging their equipment. This challenge will raise 43 euros for a good cause. This feels like a guess the parameter challenge. When you input invalid credentials, you get a 302 to `/?err=Invalid_Credentials`. I suck at those. I'm coming back to this one later. ### pcalc - 1000 Points - 2 stars ### emoji voting - 1000 Points - 2 stars ### Artillery - 1000 points - 3 stars ## Warmup ### Welcome - 25 Points - 1 star  **Flag:** CHTB{CA_CTF_i$_F*ing_EPIC} ## Pwn ### Controller - 1000 Points - 1 star ### Minefield - 1000 Points - 1 star ### System dROP - 1000 Points - 1 star ### Harvester - 1000 Points - 1 star ## Crypto ### Nintendo Base64 - 350 Points - 1 star Aliens are trying to cause great misery for the human race by using our own cryptographic technology to encrypt all our games. Fortunately, the aliens haven't played CryptoHack so they're making several noob mistakes. Therefore they've given us a chance to recover our games and find their flags. They've tried to scramble data on an N64 but don't seem to understand that encoding and ASCII art are not valid types of encryption! This challenge will raise 33 euros for a good cause. **Flag:** CHTB{3nc0d1ng_n0t_3qu4l_t0_3ncrypt10n} One star fits the description. The flag is base64 encoded 6 or 7 times, then the resulting output is spaced out to spell nintendo. Remove the spaces and start decoding until the flag shows itself. ### PhaseStream 1 - 500 Points - 1 star ### PhaseStream 2 - 1000 Points - 1 star ### PhaseStream 3 - 1000 Points - 1 star ### SoulCrabber - 1000 Points - 1 star ### Forge of Empires - 1000 Points - 2 stars ### Little Nightmares - 1000 Points - 2 stars ### PhaseStream 4 - 1000 Points - 2 stars ### RSA jam - 1000 Points - 2 stars Working: bamhm182 > Even aliens have TLA agencies trying to apply rubber hose cryptanalysis. This challenge will raise 43 euros for a good cause. This one is actually harder than I thought. I thought I had notes on all the RSA stuff, but this one gives you e, d, and N, then you need to get p and q so you can get phi... [Here](https://bytepen.gitlab.io/ctf/5ctf-31aug2020/takeaways/rsa.html) are my notes on RSA. I will come back to this later. Here's the python I got so far: ```python #!/usr/bin/env python3 import socket import subprocess import time import json from Crypto.Util.number import getPrime, inverse import random class Connector: def __init__(self): subprocess.call('clear') self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.rec_bits = 2048 self.answer = b'' def create_socket(self, ip, port): while True: try: self.socket.connect((ip, port)) print("Connection Established!") break except ConnectionRefusedError: print("Connection Refused...") time.sleep(1) def listen(self): while True: data = self.socket.recv(self.rec_bits) if not data: break print(f"\n{data}") self.do_work(data) def do_work(self, data): if data.startswith(b"{'e'"): key = json.loads(data.decode().replace("'", '"')) e = key['e'] d = key['d'] n = key['N'] # Figure out how to get p, q from e, d, n p = 0 q = 0 phi = (p - 1) * (q - 1) d2 = inverse(e, phi) m = random.randrange(n) c = pow(m, e, n) if m == pow(c, d2, n): self.answer = ans elif data == b'\n> ': self.socket.send(self.answer) if __name__ == "__main__": c = Connector() c.create_socket("139.59.165.102", 31091) c.listen() ``` ### SoulCrabber 2 - 1000 Points - 2 stars ### Super Metroid - 1000 Points - 2 stars ### Tetris - 1000 Points - 2 stars ### RuneScape - 1000 Points - 4 stars ### Wii Phit - 1000 Points - 3 stars ### Hyper Metroid - 1000 Points - 4 stars ### SpongeBob SquarePants: Battle for Bikini Bottom – Rehydrated - 1000 Points - 4 stars ### Tetris 3D - 1000 Points - 4 stars ## Reversing ### Authenticator - 600 Points - 1 star ### Passphrase - 575 Points - 1 star ### Backdoor - 1000 Points - 2 stars ### Alienware - 1000 Points - 2 stars ## Forensics ### Oldest trick in the book - 1000 Points - 1 star ### Key mission - 1000 Points - 1 star ### Invitation - 1000 Points - 1 star ### AlienPhish - 1000 Points - 2 stars ### Low Energy Crypto - 1000 Points - 2 stars ## Hardware ### Serial Logs - 1000 Points - 1 star ### Compromised - 1000 Points - 1 star ### Secure - 1000 Points - 1 star ### Off the grid - 1000 Points - 2 stars ## Misc ### Alien Camp - 1000 Points - 1 star ### Input as a Service - 1000 Points - 1 star ### Build yourself in - 1000 Points - 2 stars ### Robotic Infiltration - 1000 Points - 2 stars ### Alienspeak - 1000 Points - 3 stars Working: brs6502 > We were able to capture a digital audio stream of what we believe is alien communication. We had scientists building a machine learning model to be able to decode alien language, but they went... on vacation. We recovered some of their files though, and they should help us to recover valuable information from this stream. This challenge will raise 80 euros for a good cause. Files: alien.h5 alien_asr.ipynb - jupyter notebook i2s_capture.sal ### Close the Door - 1000 Points - 2 stars > The extraterrestrials have been chasing us for hours but we managed to escape by hiding in one of the power plants. We closed the door and kept them away. The only problem is that we do not know the secret password to open the emergency door and escape. If we do not manage to unlock the door, we are doomed! [ { "id": 1995, "name": "Inspector Gadget", "creator": "HackTheBoxTeam", "description": "Inspector Gadget was known for having a multitude of tools available for every occasion. Can you find them all?<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 2, "difficulty": "easy", "filename": "", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 825, "solves": 4, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1996, "name": "DaaS", "creator": "HackTheBoxTeam", "description": "We suspect this server holds valuable information that would further benefit our cause, but we've hit a dead end with this debug page running on a known framework called Laravel. Surely we couldn't exploit this further.. right?<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 2, "difficulty": "easy", "filename": "", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 1, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1997, "name": "MiniSTRyplace", "creator": "HackTheBoxTeam", "description": "Let's read this website in the language of Alines. Or maybe not?<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 2, "difficulty": "easy", "filename": "web_ministryplace.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 1, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1998, "name": "Caas", "creator": "HackTheBoxTeam", "description": "cURL As A Service or CAAS is a brand new Alien application, built so that humans can test the status of their websites. However, it seems that the Aliens have not quite got the hang of Human programming and the application is riddled with issues.aw man, aw geez, my grandpa rick is passed out from all the drinking again, where is a calculator when you need one, aw geez<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 2, "difficulty": "medium", "filename": "web_caas.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 2, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1999, "name": "Wild Goose Hunt", "creator": "HackTheBoxTeam", "description": "Outdated Alien technology has been found by the human resistance. The system might contain sensitive information that could be of use to us. Our experts are trying to find a way into the system. Can you help?<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 2, "difficulty": "medium", "filename": "web_wild_goose_hunt.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 1, "solved": null, "flag_hint": null, "hostname": null }, { "id": 2000, "name": "E.Tree", "creator": "HackTheBoxTeam", "description": "After many years where humans work under the aliens commands, they have been gradually given access to some of their management applications. Can you hack this alien Employ Directory web app and contribute to the greater human rebellion?<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 2, "difficulty": "medium", "filename": "web_etree.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 2001, "name": "Extortion", "creator": "HackTheBoxTeam", "description": "We finished building sturdy space ships. Its time to get on-board and wipe enemy bases.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 2, "difficulty": "medium", "filename": "", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 2002, "name": "The Galactic Times", "creator": "HackTheBoxTeam", "description": "The Galactic Times is a monthly Alien newspaper that focuses on news from around the Galaxy. This month's issue is focused on the Human race and contains some very controversial articles. The newspaper reportedly contains a restricted endpoint with some Alien secrets. Can you find a way to view the forbidden pages?<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 2, "difficulty": "medium", "filename": "web_the_galactic_times.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 2003, "name": "Cessation", "creator": "HackTheBoxTeam", "description": "Enemy forces are using a stealthy device to penetrate into our country. We've identified its origin and its time cessate their strength and defend our country from the attack.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 2, "difficulty": "medium", "filename": "web_cessation.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 2004, "name": "Millenium", "creator": "HackTheBoxTeam", "description": "We fall under attack by unknown forces and noticed a compromise of our military systems. Its time to show our power by sabotaging their equipment.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 2, "difficulty": "medium", "filename": "", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 2005, "name": "pcalc", "creator": "HackTheBoxTeam", "description": "A calculator service has been deployed at an enemy's agency, for their personel to be acquainted with human numbers. We need to inflitrate the application and get access to the secret flag stored inside it's system!<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 2, "difficulty": "medium", "filename": "web_pcalc.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 2006, "name": "emoji voting", "creator": "HackTheBoxTeam", "description": "A place to vote your favourite and least favourite puny human emojis!<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 2, "difficulty": "medium", "filename": "web_emoji_voting.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 2007, "name": "Artillery", "creator": "HackTheBoxTeam", "description": "We managed to gain access to an Alien Airbase application. Can you help us compromise it for further investigation?<br>This challenge will raise 80 euros for a good cause.", "challenge_category_id": 2, "difficulty": "hard", "filename": "web_artillery.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 2008, "name": "Welcome!", "creator": "HackTheBoxTeam", "description": "Join our Discord Server and the CA-2021 channels…", "challenge_category_id": 16, "difficulty": "easy", "filename": "", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 25, "solves": 6, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1973, "name": "Controller", "creator": "HackTheBoxTeam", "description": "The extraterrestrials have a special controller in order to manage and use our resources wisely, in order to produce state of the art technology gadgets and weapons for them. If we gain access to the controller's server, we can make them drain the minimum amount of resources or even stop them completeley. Take action fast!<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 3, "difficulty": "easy", "filename": "pwn_controller.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1974, "name": "Minefield", "creator": "HackTheBoxTeam", "description": "We found one of the core power plants that drain all of our resources. One member of our team is an expert at mines. Plant the correct type of mine at the correct location to blow up the entire power plant, but be careful, otherwise we are all doomed!<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 3, "difficulty": "easy", "filename": "pwn_mindfield.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1975, "name": "System dROP", "creator": "HackTheBoxTeam", "description": "In the dark night, we managed to sneak in the plant that manages all the resources. Ready to deploy our root-kit and stop this endless draining of our planet, we accidentally triggered the alarm! Acid started raining from the ceiling, destroying almost everything but us and small terminal-like console. We can see no output, but it still seems to work, somehow..<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 3, "difficulty": "easy", "filename": "pwn_system_drop.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1976, "name": "Harvester", "creator": "HackTheBoxTeam", "description": "These giant bird-looking creatures come once a day and harvest everything from our farms, leaving nothing but soil behind. We need to do something to stop them, otherwise there will be no food left for us. It will be even better instead of stopping them, tame them and take advantage of them! They seem to have some artificial implants, so if we hack them, we can take advantage of them. These creatures seem to love cherry pies for some reason..<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 3, "difficulty": "medium", "filename": "pwn_harvester.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1956, "name": "Nintendo Base64", "creator": "HackTheBoxTeam", "description": "Aliens are trying to cause great misery for the human race by using our own cryptographic technology to encrypt all our games.<br >Fortunately, the aliens haven't played CryptoHack so they're making several noob mistakes. Therefore they've given us a chance to recover our games and find their flags. <br > They've tried to scramble data on an N64 but don't seem to understand that encoding and ASCII art are not valid types of encryption!<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 4, "difficulty": "easy", "filename": "crypto_nintendo_base64.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 350, "solves": 38, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1957, "name": "PhaseStream 1", "creator": "HackTheBoxTeam", "description": "The aliens are trying to build a secure cipher to encrypt all our games called \"PhaseStream\". They've heard that stream ciphers are pretty good.\nThe aliens have learned of the XOR operation which is used to encrypt a plaintext with a key. They believe that XOR using a repeated 5-byte key is enough to build a strong stream cipher. Such silly aliens!\nHere's a flag they encrypted this way earlier. Can you decrypt it (hint: what's the flag format?)\n2e313f2702184c5a0b1e321205550e03261b094d5c171f56011904<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 4, "difficulty": "easy", "filename": "", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 500, "solves": 11, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1958, "name": "PhaseStream 2", "creator": "HackTheBoxTeam", "description": "The aliens have learned of a new concept called \"security by obscurity\". Fortunately for us they think it is a great idea and not a description of a common mistake.\nWe've intercepted some alien comms and think they are XORing flags with a single-byte key and hiding the result inside 9999 lines of random data, Can you find the flag?<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 4, "difficulty": "easy", "filename": "crypto_ps2.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 3, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1959, "name": "PhaseStream 3", "creator": "HackTheBoxTeam", "description": "The aliens have learned the stupidity of their misunderstanding of Kerckhoffs's principle.\nNow they're going to use a well-known stream cipher (AES in CTR mode) with a strong key. And they'll happily give us poor humans the source because they're so confident it's secure!<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 4, "difficulty": "easy", "filename": "crypto_ps3.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 3, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1960, "name": "SoulCrabber", "creator": "HackTheBoxTeam", "description": "Aliens heard of this cool newer language called Rust, and hoped the safety it offers could be used to improve their stream cipher.<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 4, "difficulty": "easy", "filename": "crypto_soulcrabber.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1961, "name": "Forge of Empires", "creator": "HackTheBoxTeam", "description": "Over thousands of miles, a messenger from the East has arrived with the sacred text. To enable PHOTON MAN and crush the aliens with your robot troopers, the messenger needs you to sign your message!<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 4, "difficulty": "medium", "filename": "crypto_forge_of_empires.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1962, "name": "Little Nightmares", "creator": "HackTheBoxTeam", "description": "Never in your darkest momements did your childhood fears prepare you for an alien invasion. To make matters worse, you've just been given a Little homework by the Lady. Defeat this and she we retreat into the night.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 4, "difficulty": "medium", "filename": "crypto_little_nightmares.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1963, "name": "PhaseStream 4", "creator": "HackTheBoxTeam", "description": "The aliens saw us break PhaseStream 3 and have proposed a quick fix to protect their new cipher.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 4, "difficulty": "medium", "filename": "crypto_ps4.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1964, "name": "RSA jam", "creator": "HackTheBoxTeam", "description": "Even aliens have TLA agencies trying to apply rubber hose cryptanalysis.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 4, "difficulty": "medium", "filename": "crypto_rsa_jam.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1965, "name": "SoulCrabber 2", "creator": "HackTheBoxTeam", "description": "Aliens realised that hard-coded values are bad, so added a little bit of entropy.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 4, "difficulty": "medium", "filename": "crypto_soulcrabber_2.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1966, "name": "Super Metroid", "creator": "HackTheBoxTeam", "description": "Samus needs our help! After a day of burning out her Arm Cannon, blasting Metroids and melting the Mother Brain, she's found her ship's maps have all been encrypted. Lucky for her, these aliens still don't know what they're doing and are trying to roll their own crypto. Can you recover the flag from their elliptic protocol?<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 4, "difficulty": "medium", "filename": "crypto_super_metroid.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1967, "name": "Tetris", "creator": "HackTheBoxTeam", "description": "It seems the aliens might be living backwards in time, so now we're suddenly seeing completely different and older kinds of cipher too.\nThe flag consists entirely of uppercase characters, and is of the form CHTB{SOMETHINGHERE}. You'll still have to insert the {} yourself.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 4, "difficulty": "medium", "filename": "crypto_tetris.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1968, "name": "RuneScape", "creator": "HackTheBoxTeam", "description": "This is an old game, and seeing how big the output file is, I understand where the M in MMO comes from...<br>This challenge will raise 120 euros for a good cause.", "challenge_category_id": 4, "difficulty": "insane", "filename": "crypto_runescape.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1969, "name": "Wii Phit", "creator": "HackTheBoxTeam", "description": "The aliens have encrypted our save file from Wii Phit and we're about to lose our 4,869 day streak!! They're even taunting us with a hint. I think the alien's are getting a bit over-confident if you ask me.<br>This challenge will raise 80 euros for a good cause.", "challenge_category_id": 4, "difficulty": "hard", "filename": "crypto_wii_phit.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1970, "name": "Hyper Metroid", "creator": "HackTheBoxTeam", "description": "Dropping a morph ball bomb, Samus cracked open the floor and dropped down into the guts of Phaaze. At the end of the tunnel is a locked chest containing the hyper beam upgrade. Samus found the encrypted key preserved in a ball of glowing biomass, but can't decode it. Help Samus capture the flag so she can eradicate the alien invasion once and for all.<br>This challenge will raise 120 euros for a good cause.", "challenge_category_id": 4, "difficulty": "insane", "filename": "crypto_hyper_metroid.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1971, "name": "SpongeBob SquarePants: Battle for Bikini Bottom – Rehydrated", "creator": "HackTheBoxTeam", "description": "Wait, spongebob and squarepants don't hash to the same thing?<br>This challenge will raise 120 euros for a good cause.", "challenge_category_id": 4, "difficulty": "insane", "filename": "crypto_spongebob.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1972, "name": "Tetris 3D", "creator": "HackTheBoxTeam", "description": "With all the timey-wimey weirdness going on, I have no idea if the aliens encrypted this before or after the tetris game. All I know is that I want my games back!\nThe flag consists entirely of uppercase characters, and is of the form CHTB{SOMETHINGHERE}. You'll still have to insert the {} yourself.<br>This challenge will raise 120 euros for a good cause.", "challenge_category_id": 4, "difficulty": "insane", "filename": "crypto_tetris_3d.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1977, "name": "Authenticator", "creator": "HackTheBoxTeam", "description": "We managed to steal one of the extraterrestrials' authenticator device. If we manage to understand how it works and get their credentials, we may be able to bypass all of their security locked doors and gain access everywhere!<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 5, "difficulty": "easy", "filename": "rev_authenticator.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 600, "solves": 7, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1978, "name": "Passphrase", "creator": "HackTheBoxTeam", "description": "You found one of their space suits forgotten in a room. You wear it, but before you go away, a guard stops you and asks some questions..<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 5, "difficulty": "easy", "filename": "rev_passphrase.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 575, "solves": 8, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1979, "name": "Backdoor", "creator": "HackTheBoxTeam", "description": "One of our friends has left a backdoor on the extraterrestrials' server. If we manage to take advantage of it, we will be able to control all the doors and lock them outside or open doors to facilites we have no access.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 5, "difficulty": "medium", "filename": "rev_backdoor.zip", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1980, "name": "Alienware", "creator": "HackTheBoxTeam", "description": "We discovered this tool in the E.T. toolkit which they used to encrypt and exfiltrate files from infected systems. Can you help us recover the files?<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 5, "difficulty": "medium", "filename": "rev_alienware.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1981, "name": "Oldest trick in the book", "creator": "HackTheBoxTeam", "description": "A data breach has been identified. The invaders have used the oldest trick in the book. Make sure you can identify what got stolen from us.<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 7, "difficulty": "easy", "filename": "forensics_oldest_trick.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1982, "name": "Key mission", "creator": "HackTheBoxTeam", "description": "The secretary of earth defense has been kidnapped. We have sent our elite team on the enemy's base to find his location. Our team only managed to intercept this traffic. Your mission is to retrieve secretary's hidden location.<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 7, "difficulty": "easy", "filename": "forensics_key_mission.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1983, "name": "Invitation", "creator": "HackTheBoxTeam", "description": "Last night I recieved an invitation, but after I accepted, some wierd things happend in my computer.<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 7, "difficulty": "easy", "filename": "forensics_invitation.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1984, "name": "AlienPhish", "creator": "HackTheBoxTeam", "description": "This PowerPoint presentation was sent to the top leadership of the human resistance effort. We believe it was an attempt by the aliens to phish into our networks. Find the malicious payload and the flag.<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 7, "difficulty": "medium", "filename": "forensics_alienphish.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1985, "name": "Low Energy Crypto", "creator": "HackTheBoxTeam", "description": "Aliens are using a human facility as a storage unit. The owners of the facility said their access credentials stopped working, but it's based on Bluetooth LE. We managed to install a Bluetooth LE sniffer close to the entrance, and captured some packets. Can you manage to get the access credentials from this capture?<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 7, "difficulty": "medium", "filename": "forensics_low_energy_crypto.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 1, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1986, "name": "Serial Logs", "creator": "HackTheBoxTeam", "description": "We have gained physical access to the debugging interface of the Access Control System which is based on a Raspberry Pi-based IoT device. We believe that the log messages of this device contain valuable information of when our asset was abducted<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 15, "difficulty": "easy", "filename": "hw_serial_logs.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 3, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1987, "name": "Compromised", "creator": "HackTheBoxTeam", "description": "An embedded device in our serial network exploited a misconfiguration which resulted in the compromisation of several of our slave devices in it, leaving the base camp exposed to intruders. We must find what alterations the device did over the network in order to revert them before its too late<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 15, "difficulty": "easy", "filename": "hw_compromised.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 3, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1988, "name": "Secure", "creator": "HackTheBoxTeam", "description": "We need to find cover before the invasion begins but unfortunately, the bunker is secured by a smart door lock. The keys of the device are stored in an external microSD connected with wiring with the unsecured part of the device enabling us to capture some traces while trying random combinations. Can you recover the key?<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 15, "difficulty": "easy", "filename": "hw_secure.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 3, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1989, "name": "Off the grid", "creator": "HackTheBoxTeam", "description": "One of our agents managed to store some valuable information in an air-gapped hardware password manage and delete any trace of them in our network before it got compromised by the invaders but the device got damaged during transportation and its OLED screen broke. We need help to recover the information stored in it!<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 15, "difficulty": "medium", "filename": "hw_off_the_grid.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1990, "name": "Alien Camp", "creator": "HackTheBoxTeam", "description": "The Ministry of Galactic Defense now accepts human applicants for their specialised warrior unit, in exchange for their debt to be erased. We do not want to subject our people to this training and to be used as pawns in their little games. We need you to answer 500 of their questions to pass their test and take them down from the inside.<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 8, "difficulty": "easy", "filename": "", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1991, "name": "Input as a Service", "creator": "HackTheBoxTeam", "description": "In order to blend with the extraterrestrials, we need to talk and sound like them. Try some phrases in order to check if you can make them believe you are one of them.<br>This challenge will raise 33 euros for a good cause.", "challenge_category_id": 8, "difficulty": "easy", "filename": "", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1992, "name": "Build yourself in", "creator": "HackTheBoxTeam", "description": "The extraterrestrials have upgraded their authentication system and now only them are able to pass. Did you manage to learn their language well enough in order to bypass the the authorization check?<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 8, "difficulty": "medium", "filename": "", "hasDocker": 1, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1993, "name": "Robotic Inflitration", "creator": "HackTheBoxTeam", "description": "We were able to hack a robot that was operating at a target facility and log its readings using ROS. The robot has an advanced lidar scanner, and these readings should allow us to rebuild the plan for the facility, and will be essential for the next steps of our mission. drive.google.com/file/d/168_fK5H_ZFwIg-fA4iZ_1XAWB3Vg3obR<br>This challenge will raise 43 euros for a good cause.", "challenge_category_id": 8, "difficulty": "medium", "filename": "", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null }, { "id": 1994, "name": "Alienspeak", "creator": "HackTheBoxTeam", "description": "We were able to capture a digital audio stream of what we believe is alien communication. We had scientists building a machine learning model to be able to decode alien language, but they went... on vacation. We recovered some of their files though, and they should help us to recover valuable information from this stream.<br>This challenge will raise 80 euros for a good cause.", "challenge_category_id": 8, "difficulty": "hard", "filename": "misc_alienspeak.zip", "hasDocker": null, "docker_online": null, "docker_port": null, "docker_ports": null, "points": 1000, "solves": 0, "solved": null, "flag_hint": null, "hostname": null } ]