HTB x UNI CTF 2021: HackTheBox University Capture The Flag Qualifiers

Рет қаралды 6,349

Күн бұрын

Video walkthrough for some challenges from the ‪@HackTheBox‬ University Capture The Flag (CTF) Qualifiers 2021. We'll cover some Forensics (DFIR), Reverse Engineering (RE), Binary Exploitation (Pwn) and Web challenges including: docker layer obfuscation, malicious macros (powerpoint), credential/password extraction, Cobalt Strike traffic decryption, use-after-free (UAF) vulnerabilities and zip slip to RCE via file upload. We'll use a variety of tools e.g. Ghidra, GDB-PwnDbg, Checksec, Wireshark, Burp Suite, Radare, Cobalt Strike analysis scripts, ViperMonkey and olevba. Write-ups/tutorials aimed at beginners - Hope you enjoy 🙂 #HackTheBox #HTBUniCTF2021 #CaptureTheFlag #CTF
HackTheBox: affiliate.hackthebox.com/cryp...
HTB Academy: affiliate.hackthebox.com/cryp...
↢Social Media↣
Twitter: / _cryptocat
GitHub: github.com/Crypto-Cat
HackTheBox: app.hackthebox.eu/profile/11897
LinkedIn: / cryptocat
Reddit: / _cryptocat23
KZfaq: / cryptocat23
Twitch: / cryptocat23
↢Hack The Box↣
www.hackthebox.com/universiti...
ctf.hackthebox.com/ctf/173
/ hackthebox_eu
/ discord
↢Resources↣
Ghidra: ghidra.re/CheatSheet.html
Volatility: github.com/volatilityfoundati...
PwnTools: github.com/Gallopsled/pwntool...
CyberChef: gchq.github.io/CyberChef/
DCode: www.dcode.fr/en
HackTricks: book.hacktricks.xyz/pentestin...
CTF Tools: github.com/apsdehal/awesome-ctf
Forensics: cugu.github.io/awesome-forens...
Decompile Code: www.decompiler.com/
Run Code: tio.run/
Start: 0:00
Forensics: Peel back the layers - 0:55
Forensics: Strike back - 14:08
Reversing: Upgrades - 29:34
Reversing: Vault - 38:02
Web: Slippy - 49:14
Pwn: Arachnoid Heaven - 1:07:02
End: 1:23:33

Пікірлер: 32

@bloombusta1081 2 жыл бұрын

what an absolute legend. Great editing as well!!! Mans got the audio sounding crisp

@_CryptoCat 2 жыл бұрын

thank you 🥰🥰🥰

@Buckminsterfullerene02 2 жыл бұрын

Awesome video man! I got quite far with Vault and Arachnoid Heaven but am still quite new to reversing and am not well versed with gdb yet. With Upgrades, I actually just opened the VBA macro in Powerpoint, although I did have to hex edit the project so that I could get past the password protection on it (I should have just used Libre Office!). From there I replaced all the various hex strings into the label output until I got the flag output. I also got punished with doing this natively because I accidentally ran the macro in the editor and the command that happened to be in the print was one that spawned a shell and ran shutdown command :P

@_CryptoCat 2 жыл бұрын

thanks mate 🥰 omg the macro was designed to shutdown the computer?! ultimate troll 😂

@saketsrv9068 2 жыл бұрын

This man has great skills... Honestly

@_CryptoCat 2 жыл бұрын

🥰🥰🥰

@davidbillhardt7156 2 жыл бұрын

Just to further elaborate, in the vault reversing challenge, in the loop the bvar2 variable is set to the value returned by a function that changes every loop as it is part of a vtable. So as i understand it is like an array of pointers to different functions and in this case each of those functions just return a integer. The offset to each function is calculated by the values in a hardcoded array (the DAT_001...). So when i solved this i calculated the offset manually, looked at the value returned by the function called in each iteration and then paste each value to cyberchef to convert from decimal. Now looking at your writeup i feel a bit stupid for not just debugging and checking the values like you did, which is much faster and easier.

@_CryptoCat 2 жыл бұрын

aha i feel the opposite way! a bit stupid for not knowing the intended solution to the challenge was vtables 😂 my way might of been a bit quicker but it sounds like you had a better understanding of the programs functionality 🥰

@bhaitabahi786 2 жыл бұрын

great waiting for this video and it came thanks sir

@_CryptoCat 2 жыл бұрын

thanks mate! hope you enjoy 🥰

@fdvoid0 2 жыл бұрын

NICE VIDEO!

@_CryptoCat 2 жыл бұрын

thanks mate 🥰

@dekajulian7296 2 жыл бұрын

wahh, i also join this competition btw, What is your team's rank brow or you alone ? uk is so dominant at the top :)

@_CryptoCat 2 жыл бұрын

i was playing this one alone, i think placed around 100th but i wasn't really going for placement, just picked a few categories to focus on 😁

@dekajulian7296 2 жыл бұрын

@@_CryptoCat wow alone, where is your friends bro xd

@_CryptoCat 2 жыл бұрын

@@dekajulian7296 what friends 😭

@jarvis9092 2 жыл бұрын

Bro can you say how you learned all these stuff or give me a pathway how i can learn too..I also would like to learn all this and become someone like you please.

@_CryptoCat 2 жыл бұрын

honestly bro the best way is just get stuck into boxes/challenges on HackTheBox! at the start you might struggle with some concepts but for retired boxes/challs you can refer to walkthroughs and you can ask for help in HTB discord if you are stuck on active ones. check out the CTF events that run regularly on CTFtime.org as well, do your best to solve some challenges then refer to walkthroughs after the competition to see the solutuons to the ones youve missed. finally, there's a lot of other great resources in terms of practical exercises and other creators who make excellent content to help the learning process: github.com/Crypto-Cat/CTF#readme 😉

@orxanovn5057 2 жыл бұрын

very hard

@_CryptoCat 2 жыл бұрын

yeh haha these were the easiest challenges as well 😳

@orxanovn5057 2 жыл бұрын

@@_CryptoCat but i can htb machine

@orxanovn5057 2 жыл бұрын

@@_CryptoCat i am learn cyber

@_CryptoCat 2 жыл бұрын

awesome! well CTFs and HTB are a great way to do it 😊

@orxanovn5057 2 жыл бұрын

@@_CryptoCat why

@sharkmoos8741 2 жыл бұрын

Aren't you a PhD student? You broke rule number two of the CTF "Only students currently enrolled in a bachelor’s or master's program can participate in this event."

@_CryptoCat 2 жыл бұрын

haha yes that is true! i wasn't playing competitively though (for placement or prizes), just playing solo to learn and have some fun 😊 i dont think John Hammond (and some others) are students either 🤔😅 also i'm enrolled on a CDT program, which is actually a MSc and PhD combined.. so technically 👀

@bbbbbbbbbbbbbbssn 2 жыл бұрын

@@_CryptoCat Ooh beat the system 😎 Anyways loved you video as usual, didnt know how to solve vault

@_CryptoCat 2 жыл бұрын

@@bbbbbbbbbbbbbbssn you know it! hackers gonna hack 😉 thanks bro, vault was pretty difficult. i guess the intended solution was to analyse the vtable mappings but thankfully my one (and pretty much only) reversing technique of "break @ CMP" didn't fail me 😂