Day 1 - HTB Cyber Santa CTF: HackTheBox Capture The Flag 2021 (beginner friendly)

Рет қаралды 15,749

Күн бұрын

Video walkthrough for the challenges from Day 1 of the ‪@HackTheBox‬ "Cyber Santa" Capture The Flag (CTF) 2021. We'll cover some Forensics (DFIR), Reverse Engineering (RE), Binary Exploitation (Pwn), Cryptography (Crypto) and Web challenges including: traffic analysis, XSS, common modulus attack (RSA), buffer overflow and static/dynamic binary analysis. We'll make use of popular tools including Ghidra, GDB-PwnDbg, strace, Checksec, PwnTools Wireshark, Burp Suite, Radare and RsaCTFTool. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTBCyberSanta21 #CaptureTheFlag #CTF
HackTheBox: affiliate.hackthebox.com/cryp...
HTB Academy: affiliate.hackthebox.com/cryp...
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢Hack The Box↣
www.hackthebox.com/events/san...
ctf.hackthebox.com/ctf/249
/ hackthebox_eu
/ discord
↢Resources↣
Ghidra: ghidra-sre.org/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef/
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forens...
Decompile Code: www.decompiler.com/
Run Code: tio.run/
Start: 0:00
Forensics: Baby APT - 1:05
Web: Toy Workshop - 4:34
Crypto: Common Mistake - 13:46
Pwn: Mr Snowy - 23:54
Reversing: Infiltration - 41:32
End: 56:33

Пікірлер: 60

@_CryptoCat 2 жыл бұрын

Python scripts to go with the challenges: github.com/Crypto-Cat/CTF/tree/main/ctf_events/htb_cyber_santa_21 Challenge walkthroughs from the rest of the days will be released this week 🥰

@hadrian3689 2 жыл бұрын

Great work! Looking forward to the rest of the series to see your thought process on some of these. Thanks for taking the time

@_CryptoCat 2 жыл бұрын

thanks mate 🥰

@trblmkr5139 Жыл бұрын

within the first like 3 minutes I knew I had found what I was looking for!

@_CryptoCat Жыл бұрын

🙏🥰

@KeinVorhandenerUser 2 жыл бұрын

Great video! Really good beginner friendly explanation of the challenges, thanks!

@_CryptoCat 2 жыл бұрын

thanks mate 🥰

@0xgodson119 2 жыл бұрын

Welcome Back!

@_CryptoCat 2 жыл бұрын

nandri 😻

@sike5943 2 жыл бұрын

This helped alot, thanks

@_CryptoCat 2 жыл бұрын

awesome, great to hear! 🥰

@roberttolito7665 2 жыл бұрын

Thanks for the video. Sadly I was only able to solve 1 ctf challange. But I know with time and dedication, I will get better.

@_CryptoCat 2 жыл бұрын

you will mate!! keep it up 😻

@KebabTM 2 жыл бұрын

The RsaCtfTool attacks are talking about "common factor attacks" which are the prime factors used to generate n. It does not support common modulus attack afaik.

@_CryptoCat 2 жыл бұрын

ahh ty, i'm going to have to give up on the RsaCtfTool 🙁 it's helped me avoid some maths up until now but i used it for one of the other crypto challs and it took 5-10 mins to get the flag and didn't even tell me which attack was successful 😂 i was searching through the git repo to see if there is a "stop_on_success" option and there isn't lol 🤔

@spaulbrv 2 жыл бұрын

This was a fun one and I was pleasently surprised to find you on the scoreboard as well. I actually used one of your templates to solve Mr.Snowy :D

@_CryptoCat 2 жыл бұрын

oh no i'm aiding the competition!! 😂 nah that's awesome bro, happy it could help 🥰

@spaulbrv 2 жыл бұрын

@@_CryptoCat It was the only pwn I solved. I placed 212th so not much of a competitor 🤣. You're awesome though. I'm slowly learning more.

@_CryptoCat 2 жыл бұрын

@@spaulbrv yo i'm pretty sure there was like 7k players registered so that's not bad at all! i think i came like 60th overall (maybe a bit lower i last checked about 20 min before the end)

@bhaitabahi786 2 жыл бұрын

great sir learned a lot

@_CryptoCat 2 жыл бұрын

awesome! 🥰

@Kartikeyj96 2 жыл бұрын

Excellent video !! 😊😊. I am waiting for the last day challenges videos. Not able to solved them

@_CryptoCat 2 жыл бұрын

thank you 🥰 i actually only did the web chall on day 5 myself, i might make videos for some of the other challenges as well though. will see how it goes 😊

@dominicldoe4838 2 жыл бұрын

Will you be posting all the challenges videos? Completed all crypto challenges except the last one which was today, also I went down a lot of rabbit holes, do I need to really look in to where I was going wrong.

@_CryptoCat 2 жыл бұрын

yes mate! videos for all challenges from days 1-4 will be released over coming days and i'll probably do some seperate videos for some of the day 5 challs 😉

@Umar0x01 2 жыл бұрын

Is it possible to get the challenge files? The binaries?

@_CryptoCat 2 жыл бұрын

they are still available for download for 48 hours after the competition 😉

@cimihan4816 2 жыл бұрын

Upload those forensics chals of day 2 and 3. XD

@_CryptoCat 2 жыл бұрын

day 2 challenge video released later today, then day 3 tomorrow 😉

@pligonstein615 2 жыл бұрын

Can i still do the challenges even though the ctf ended?

@_CryptoCat 2 жыл бұрын

the after event runs for 48 hours since the end of the competition so i think you still have a few hours to check it out (and download the files) 😉

@jaswinderkaur7699 2 жыл бұрын

12:50

@_CryptoCat 2 жыл бұрын

🤔

@pythonxsecurity8287 2 жыл бұрын

omg d'his is so easy but so hard

@_CryptoCat 2 жыл бұрын

HackTheBox is ALWAYS hard 😂 super high quality challenges though 😻

@trianareese7649 2 жыл бұрын

What does it take for someone to be able to understand what your doing, to play the game successfully?

@_CryptoCat 2 жыл бұрын

just keep playing CTFs! read writeups on challenges you fail to solve and if you don't understand the writeups at all, go and review the underlying concepts. if you study computing at college/university alongside CTFs, you'll be learning a lot of the fundamental concepts that will help as well 🙂

@trianareese7649 2 жыл бұрын

@@_CryptoCat .. thank you, I will do just that!

@graciousyaro103 2 жыл бұрын

Please how is this beginner friendly 😭😭😭

@_CryptoCat 2 жыл бұрын

when i said "beginner friendly" i meant i try to explain concepts/approach in enough detail for beginners to understand not necessarily that the challenges are "beginner" 😆 tbf compared to some HackTheBox CTFs it is relatively beginner but it is just that; "relative" 😁 as long as you learn something (i hope) that is the main thing 😊

@graciousyaro103 2 жыл бұрын

@@_CryptoCat didn't know that was the definition of beginner friendly, thank you Sir😭😭🥺

@Sh3lld0n 2 жыл бұрын

Where can I find the files for reverse?

@_CryptoCat 2 жыл бұрын

HackTheBox don't permit publishing of CTF challenge files, so you have to make sure to download them during the competition (or within 72 hours of it ending). that being said, if you check the official HTB discord some players may have kept hold of files and be willing to share privately 👀😉

@Sh3lld0n 2 жыл бұрын

Thank you so much 👍🏻. And I have one question. Where can I find the password for ctf in Hack The Box?

@bazi7774 8 ай бұрын

Hey can you help me with HTB capture the flag

@_CryptoCat 8 ай бұрын

I don't have a lot of time these days but check out the hackthebox discord!

@adiknash2003 2 жыл бұрын

Please give me resources for cryptography

@_CryptoCat 2 жыл бұрын

cryptohack.org

@pythonxsecurity8287 2 жыл бұрын

PLaiz I'm Very Low At Pwn And Reverse PLaiz Can You GivMe A Source For Learn And Tank You

@_CryptoCat 2 жыл бұрын

sure! some good resources here: github.com/Crypto-Cat/CTF#readme - i particularly recommend HackTheBox pwn challenges and ROP Emporium 😉

@currandero 2 жыл бұрын

as a beginner this CTF was quite difficult, what advice would you have for someone who only managed to solve “mr_snowy” 😅 like where do I start to get better at these and how? just trying CTFs and then checking writeups to learn or are there other ways too? regardless your channel is really valuable and without you I wouldn’t even have done that one challenge so thank you ❤️

@_CryptoCat 2 жыл бұрын

honestly what you describe is exactly the best way to learn imo! dont worry if you dont solve challenges, just spend enough time on them that will ensure when you do read (or watch) a writeup, you'll remember it 🙂 if there are certain topics you're really struggling with and can't understand the writeups, sometimes you'll benefit from stepping back and doing some background research / learn the basics e.g. i know very little about heap exploitation and i know that before start working on heap challenges, i need to go and learn the fundamentals. there's a list of the practical resources and some of the youtube/twitch creators who i find helpful for learning here: github.com/Crypto-Cat/CTF#readme 🥰🥰🥰

@currandero 2 жыл бұрын

@@_CryptoCat thank you! Will definitely try to spend more time researching and learning, such a bummer I don’t have as much free time cause of uni 😭 I really appreciate your help and fast responses and if you don’t mind I have one last question, what would you tell someone that wants to get hired in the field of cybersecurity but is at the start of the career? I know internships are a good start but it almost feels like you need experience already for them, and do you have any idea if resumes need to be in a specific format or something?

@_CryptoCat 2 жыл бұрын

@@currandero if you are doing computer science or related studies at uni that will all help you in the long run! my one tip outside of internships.. CTFs!! 😁 get your rank up on HackTheBox, TryHackMe etc - not only will you build the knowledge and experience employers look for but it will really impress interviewers if you can show you are passionate about hacking 😊 resume wise i think linkedin is really better than a traditional CV.. also any blogs, GitHub, CTF certificates/rankings can help 😉

@deinvasion5482 2 жыл бұрын

@@_CryptoCat Hey CryptoCat, how long have you been doing CTFs and start programming in general? I’ve started learning programming last year and been getting into ctfs for about 1.5 years now but I still can’t grasp intermediate pwn/rev concepts and cryptography in general and I feel stupid for it, and just wondering how long did it take for you to get good at these categories?

@currandero 2 жыл бұрын

@@_CryptoCat thank you so much!

@trblmkr5139 Жыл бұрын

"beginner friendly" bwahahaha ok now tell me another joke

@_CryptoCat Жыл бұрын

😮😥

@cimihan4816 2 жыл бұрын

Upload those forensics chals of day 2 and 3. XD