A collection of write-ups and solutions for Cyber FastTrack Spring 2021.

Related tags

Security related resourcesCyber-FastTrack-Spring-2021
Overview

FastTrack Logo

IMPORTANT: Please contact us before you use any styling or content shown here!

Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition - Spring 2021

Mon 5th April 17:00 BST - Wed 7th April 17:00 BST

The CD Skids are back and playing for fun!

This CTF was run for both Cyber FastTrack and National Cyber Scholarship at the same time. Although these writeups were primarily made for Cyber FastTrack, they should also be valid for the National Cyber Scholarship competition.

This repository is the only one to be officially endorsed by Cyber FastTrack staff!

Want to play more and steal all of our flags? Join the National Cyber Scholarship Competition - Practice Arena with Tomahawque event code frail-tub, open until May 31, 2021.

Registration

Leaderboard

Challenge Difficulties

  • Easy - 100pts
  • Medium - 250pts
  • Hard - 500pts
  • Extreme - 1000pts

Challenge Writeups

These have been organized in order they appear on the site:

Binary

Easy Medium Hard Extreme
BE01 BM01 BH01 BX01
BE02 BM02 BX02
BM03

Crypto

Medium Hard Extreme
CM01 CH01 CX01
CM02 CH02

Forensics

Easy Medium Hard
FE01 FM01 FH01
FE02 FM02
FE03 FM03
FE04

Networking

Easy Medium
NE01 NM01

Web

Easy Medium Hard Extreme
WE01 WM01 WH01 WX01
WE02 WM02 WH02
WM03
WM04
WM05

Event Info & Code of Conduct

Welcome to the Cyber FastTrack Capture the Flag (CTF).

Our challenges will test your creativity, technical skills and problem-solving ability. Identify your strengths and weaknesses as you analyze forensic data, break into vulnerable websites, and solve challenges built by industry experts!

Rules of Engagement

  1. You must participate fairly, as an individual, such that your score reflects your own individual ability. Telephone calls may be made after the event to validate your performance.
  2. Identified cheating may result in ejection from the event, and a ban of the individual participant or their school including all participants thereunder. Anyone banned from the event will be disqualified from all prizes in this, and future Cyber FastTrack CTF competitions. Sharing of flags, challenge keys, or providing revealing hints to other participants are some examples of what activities are considered cheating; this should not be considered an exhaustive list. If you are unsure of the activity you are undertaking at any time please contact [email protected].
  3. During this competition you will be provided with access to challenges and content for you to solve. You agree not to share solutions, post blogs, or otherwise share solutions until the competition is closed. After this period sharing solutions and write-ups is thoroughly encouraged and does not require express permission from the service provider.
  4. You may only use tools, techniques, or processes against the targets and endpoints identified in the challenge briefings, which you are given explicit permission to target. Use of the tools, techniques or processes against the infrastructure of the competition or other services outside the scope identified may be a violation of (amongst others) the Computer Misuse Act 1990 of the United Kingdom or the Computer Fraud and Abuse Act of the United States. In circumstances where error cannot be blamed, violation could result in rejection from this event, the Cyber FastTrack program, or prosecution by the relevant legal authority. If you are unsure of the activity you are undertaking at any time please contact [email protected].
  5. You agree not to intentionally disrupt the service, the provided challenges or infrastructure such as through the use of Distributed Denial of Service attacks. Doing so may result in termination of your access, or sharing of your information with the relevant legal authorities. It is not acceptable to attempt denial of service attacks, or to purposefully attempt to cause damage to the infrastructure or data, nor is it acceptable to identify flaws and to purposefully attempt to damage or disrupt other platform users, or their data.
  6. Absolutely no sabotaging of other competing participants, or in any way hindering their independent progress.

Good luck!

Advice from James Lyne

Unsure if you should compete? We've got some advice from James Lyne!

Contributors

Thanks to all the contributors who have solved challenges and submitted writeups to this repository:

And of course:

Tomahawque Footer

Owner
Alice
BSc (Hons) Forensic Computing & Security Student
Alice
GitHub Repository
Notebooks, slides and dataset of the CorrelAid Machine Learning Winter School

CorrelAid Machine Learning Spring School Welcome to the CorrelAid ML Spring School! In this repository you can find the slides and other files for the

CorrelAid 12 Nov 23, 2022
Tools Crack Fb Terbaru

Tools Crack Fb Terbaru

Jeeck 12 Jan 06, 2022
A Python wrapper around the OpenSSL library

pyOpenSSL -- A Python wrapper around the OpenSSL library Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where

Python Cryptographic Authority 795 Dec 29, 2022
Details,PoC and patches for CVE-2021-45383 & CVE-2021-45384

CVE-2021-45383 & CVE-2021-45384 There are several network-layer vulnerabilities in the official server of Minecraft: Bedrock Edition (aka Bedrock Serv

20 Apr 07, 2022
Workshop Material on VM-based Deobfuscation

Analysis of Virtualization-based Obfuscation This repository contains slides, samples and code of the 4h code deobfuscation workshop at r2con2021. We

Tim Blazytko 133 Dec 18, 2022
CodeTest信息收集和漏洞利用工具

CodeTest信息收集和漏洞利用工具,可在进行渗透测试之时方便利用相关信息收集脚本进行信息的获取和验证工作,漏洞利用模块可选择需要测试的漏洞模块,或者选择所有模块测试,包含CVE-2020-14882, CVE-2020-2555等,可自己收集脚本后按照模板进行修改。

23 Mar 18, 2021
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

log4j-finder A Python3 script to scan the filesystem to find Log4j2 that is vulnerable to Log4Shell (CVE-2021-44228) It scans recursively both on disk

Fox-IT 431 Dec 22, 2022
IDA Frida Plugin for tracing something interesting.

IDAFrida A simple IDA plugin to generate FRIDA script. Edit template for functions or you can use the default template. Select functions you want to t

PandaOS 133 Dec 24, 2022
It's a simple tool for test vulnerability shellshock

Shellshock, also known as Bashdoor, is a family of security bugs in the Unix Bash shell, the first of which was disclosed on 24 September 2014. Shellshock could enable an attacker to cause Bash to ex

Mr. Cl0wn - H4ck1ng C0d3r 88 Dec 23, 2022
Hubble is a modular, open-source security compliance framework. The project provides on-demand profile-based auditing, real-time security event notifications, alerting, and reporting. HubbleStack is a free and open source project made possible by Adobe. https://github.com/adobe

Welcome to HubbleStack!! You can find the docs here You can file an issue here Follow us on Twitter! Development Below are sample instructions to setu

HubbleStack 368 Jan 04, 2023
Big-Papa Integrates Javascript and python for remote cookie stealing which then can be used for session hijacking

Big-Papa is a remote cookie stealer which can then be used for session hijacking and Bypassing 2 Factor Authentication

77 Jan 03, 2023
This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit relays only.

This is a partial and quick and dirty proof of concept implementation of the following specifications to configure a tor client to use trusted exit re

22 Nov 09, 2022
HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

Google Cloud Platform 854 Dec 30, 2022
Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes

log4j-nullroute Quick script to ingest IP feed from greynoise.io for log4j (CVE-2021-44228) and null route bad addresses. Works w/Cisco IOS-XE and Ari

Ryan 5 Sep 12, 2022
Nmap automated port scanner written in Python

port-scanner Nmap automated port scanner written in Python. USE: Clone the module Import the module: from portscanModule import portscanner Use: ports

Brayden Karnes 1 Dec 03, 2021
Password database With special stuff

This is a Password database I made for myself, as I want to keep all my passwords in the same place. but still protected, shall anyone get access to the file. And so I made this simple password datab

9 Oct 30, 2022
CVE-2022-23046 - SQL Injection Vulnerability on PhpIPAM v1.4.4

CVE-2022-23046 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL s

2 Feb 15, 2022
An intranet tool for easily intranet pentesting

IntarKnife v1.0 a tool can be used in intarnet for easily pentesting moudle hash spray U can use this tool to spray hash on a webshell IntraKnife.exe

4 Nov 24, 2021
The RDT protocol (RDT3.0,GBN,SR) implementation and performance evaluation code using socket

소켓을 이용한 RDT protocols (RDT3.0,GBN,SR) 구현 및 성능 평가 코드 입니다. 코드를 실행할때 리시버를 먼저 실행하세요. 성능 평가 코드는 패킷 전송 과정을 제외하고 시간당 전송률을 출력합니다. RDT3.0 GBN SR(버그 발견으로 구현중 입니

kimtaeyong98 0 Dec 20, 2021
Dapunta Multi Brute Force Facebook - Crack Facebook With Login - Free

✭ DMBF CRACK Dibuat Dengan ❤️ Oleh Dapunta Author: - Dapunta Khurayra X ⇨ Fitur Login [✯] Login Token ⇨ Fitur Crack [✯] Crack Dari Teman, Public,

Dapunta ID 10 Oct 19, 2022