A collection of write-ups and solutions for Cyber FastTrack Spring 2021.

Related tags

Security related resourcesCyber-FastTrack-Spring-2021
Overview

FastTrack Logo

IMPORTANT: Please contact us before you use any styling or content shown here!

Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition - Spring 2021

Mon 5th April 17:00 BST - Wed 7th April 17:00 BST

The CD Skids are back and playing for fun!

This CTF was run for both Cyber FastTrack and National Cyber Scholarship at the same time. Although these writeups were primarily made for Cyber FastTrack, they should also be valid for the National Cyber Scholarship competition.

This repository is the only one to be officially endorsed by Cyber FastTrack staff!

Want to play more and steal all of our flags? Join the National Cyber Scholarship Competition - Practice Arena with Tomahawque event code frail-tub, open until May 31, 2021.

Registration

Leaderboard

Challenge Difficulties

  • Easy - 100pts
  • Medium - 250pts
  • Hard - 500pts
  • Extreme - 1000pts

Challenge Writeups

These have been organized in order they appear on the site:

Binary

Easy Medium Hard Extreme
BE01 BM01 BH01 BX01
BE02 BM02 BX02
BM03

Crypto

Medium Hard Extreme
CM01 CH01 CX01
CM02 CH02

Forensics

Easy Medium Hard
FE01 FM01 FH01
FE02 FM02
FE03 FM03
FE04

Networking

Easy Medium
NE01 NM01

Web

Easy Medium Hard Extreme
WE01 WM01 WH01 WX01
WE02 WM02 WH02
WM03
WM04
WM05

Event Info & Code of Conduct

Welcome to the Cyber FastTrack Capture the Flag (CTF).

Our challenges will test your creativity, technical skills and problem-solving ability. Identify your strengths and weaknesses as you analyze forensic data, break into vulnerable websites, and solve challenges built by industry experts!

Rules of Engagement

  1. You must participate fairly, as an individual, such that your score reflects your own individual ability. Telephone calls may be made after the event to validate your performance.
  2. Identified cheating may result in ejection from the event, and a ban of the individual participant or their school including all participants thereunder. Anyone banned from the event will be disqualified from all prizes in this, and future Cyber FastTrack CTF competitions. Sharing of flags, challenge keys, or providing revealing hints to other participants are some examples of what activities are considered cheating; this should not be considered an exhaustive list. If you are unsure of the activity you are undertaking at any time please contact [email protected].
  3. During this competition you will be provided with access to challenges and content for you to solve. You agree not to share solutions, post blogs, or otherwise share solutions until the competition is closed. After this period sharing solutions and write-ups is thoroughly encouraged and does not require express permission from the service provider.
  4. You may only use tools, techniques, or processes against the targets and endpoints identified in the challenge briefings, which you are given explicit permission to target. Use of the tools, techniques or processes against the infrastructure of the competition or other services outside the scope identified may be a violation of (amongst others) the Computer Misuse Act 1990 of the United Kingdom or the Computer Fraud and Abuse Act of the United States. In circumstances where error cannot be blamed, violation could result in rejection from this event, the Cyber FastTrack program, or prosecution by the relevant legal authority. If you are unsure of the activity you are undertaking at any time please contact [email protected].
  5. You agree not to intentionally disrupt the service, the provided challenges or infrastructure such as through the use of Distributed Denial of Service attacks. Doing so may result in termination of your access, or sharing of your information with the relevant legal authorities. It is not acceptable to attempt denial of service attacks, or to purposefully attempt to cause damage to the infrastructure or data, nor is it acceptable to identify flaws and to purposefully attempt to damage or disrupt other platform users, or their data.
  6. Absolutely no sabotaging of other competing participants, or in any way hindering their independent progress.

Good luck!

Advice from James Lyne

Unsure if you should compete? We've got some advice from James Lyne!

Contributors

Thanks to all the contributors who have solved challenges and submitted writeups to this repository:

And of course:

Tomahawque Footer

Owner
Alice
BSc (Hons) Forensic Computing & Security Student
Alice
GitHub Repository
This script allows you to make a onion host instantly.

Installation It only works in Debian based Linux distros. Clone the repo: git clone https://github.com/0xStevenson/Auto-Tor-Host.git Go to the direct

Steven 4 Feb 22, 2022
Hack any account sending fake nitro QR code (only for educational purpose)

DISCORD_ACCOUNT_HACKING_TOOL ( EDUCATIONAL PURPOSE ) Hack any account sending fake nitro QR code (only for educational purpose) Start my program token

Novy 7 Jan 07, 2022
Tensorflow 1.13.X implementation for our NN paper: Wei Xia, Sen Wang, Ming Yang, Quanxue Gao, Jungong Han, Xinbo Gao: Multi-view graph embedding clustering network: Joint self-supervision and block diagonal representation. Neural Networks 145: 1-9 (2022)

Multi-view graph embedding clustering network: Joint self-supervision and block diagonal representation Simple implementation of our paper MVGC. The d

WeiXia 13 Oct 26, 2022
Nmap scanner with python

Nmap_scanner Usage: sudo python3 nmap_ping.py -i Network List.txt -o Output Folder Location Program can Run Ping Scan Run Port Scan Run Nmap Vuln

Arshaad Mohiadeen 3 Apr 13, 2022
MozDef: Mozilla Enterprise Defense Platform

MozDef: Documentation: https://mozdef.readthedocs.org/en/latest/ Give MozDef a Try in AWS: The following button will launch the Mozilla Enterprise Def

Mozilla 2.2k Jan 08, 2023
IDA Frida Plugin for tracing something interesting.

IDAFrida A simple IDA plugin to generate FRIDA script. Edit template for functions or you can use the default template. Select functions you want to t

PandaOS 133 Dec 24, 2022
Hadoop Yan ResourceManager unauthorized RCE

Vuln Impact There was an unauthorized access vulnerability in Hadoop yarn ResourceManager. This vulnerability existed in Hadoop yarn, the core compone

Al1ex 25 Nov 24, 2022
This is a simple PoC for the newly found Polkit error names PwnKit

A Python3 and a BASH PoC for CVE-2021-4034 by Kim Schulz

Kim Schulz 16 Sep 06, 2022
Open source vulnerability DB and triage service.

OSV - Open Source Vulnerabilities OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source

Google 893 Jan 04, 2023
Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Take Note! With the exception of issues and PRs regarding changes to hosts/data/StevenBlack/hosts, all other issues regarding the content of the produ

Steven Black 22.1k Jan 02, 2023
Python tool for dumping flash via uboot reliably

Reliable Uboot Flash Dumper is a Python tool for dumping flash via uboot reliably. If you've ever had to dump flash via uboot and a serial connection and became frustrated about doing it several time

SecurityJon 25 May 10, 2022
PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM <= 8.0.1

CVE-2021-45897 PoC for CVE-2021-45897 aka SCRMBT-#180 - RCE via Email-Templates (Authenticated only) in SuiteCRM = 8.0.1 This vulnerability was repor

Manuel Zametter 17 Nov 09, 2022
Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Big-Papa is a remote cookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication

77 Jan 03, 2023
Automatically download all 10,000 CryptoPunk NFTs.

CryptoPunk Stealer The sole purpose of this script is to download the entire CryptoPunk NFT collection. How does it work? Basically, the website where

Dan 7 Oct 22, 2022
This repo created for bypassing Widevine L3 DRM and obtaining keys.

First run: Copy headers (with cookies) of POST license request from browser to headers.py like dictionary. pip install -r requirements.txt # if doesn'

Mikhail 263 Jan 07, 2023
SpiderFoot automates OSINT collection so that you can focus on analysis.

SpiderFoot is an open source intelligence (OSINT) automation tool. It integrates with just about every data source available and utilises a range of m

Steve Micallef 9k Jan 08, 2023
Kunyu, more efficient corporate asset collection

Kunyu(坤舆) - More efficient corporate asset collection English | 中文文档 0x00 Introduce Tool introduction Kunyu (kunyu), whose name is taken from , is act

Knownsec, Inc. 772 Jan 05, 2023
Python APK Reverser & Patcher Tool

DTL-X An Advanced Python APK Reverser and Patcher Tool. --rmads1: target=AndroidManifest.xml,replace=com.google.android.gms.ad --rmads2: No Internet (

DedSecTL 10 Oct 31, 2022
Um script simples de Port Scan + DNS by Hostname

🖥 PortScan-DNS Esta é uma ferramenta simples de Port Scan + DNS by Hostname... 💻 | DNS Resolver / by Hostname: HOST IP EXTERNO IP INTERNO 💻 | Port

AlbâniaSecurity-RT 7 Dec 08, 2022
A simple python script to dump remote files through a local file read or local file inclusion web vulnerability.

A simple python script to dump remote files through a local file read or local file inclusion web vulnerability. Features Dump a single file w

Podalirius 48 Dec 03, 2022