Press "Enter" to skip to content

Category: H4ck1t

Score: 2285
Rank(Team place/1 point or above team/total team): 76/459/1062

[H4CK1T]Ethiopia – Crypt00perator – 95pts

Description: Long time ago one security module has been written. But fornow its sources have been missed somehow. We have forgotten th3access k3y, which, as we remember, has been hardcoded inside themodule. Help us to recollect th3 k3y!11 h4ck1t{} Solution: After analysis the execution program, found that it is an64bit execution program. So we have to use 64bit debugger. First, search all the references string of the program andjump into the comparison point. and we get this”o3dl6s|41a42344d110746d574e35c2f77ab6>3z” We try to input it as key and watch the value of each memoryaddress


Comments closed

[H4CK1T]Fucking russian programmers – 100pts

Description: The program has gone crazy and outputs completely unbalanced answers 🙁 Help to correct the error and send the correct data until they not obsolete… h4ck1t{} Solution: Open the web, we can see it: The main point is here:

If he gave you ])[[ , the answer should be []()[][] , ([])[[]] or [(])[][]. So you need to automatic complete the brackets if it has opened or closed. The most difficult point is that how to know the ([{ has been closed. So I write a loop to find if it has been closed put a “/” before ([{ and )]}, when I run the add function, ignore added when “/” before the ([{. )]} is the same way to make it. Take some times to write the java code:

We get back to the web: Put the question into the script Finally we got the flag: flag:

Comments closed

[H4CK1T]7r0bl3 – 200pts

Description: Our network has been compromised! Find out what information hackers might gain access. Solution: 這是pcap檔案中network transmission 中最要的部份 所做的動作是使用username:agent , password:securepassword 登入ftp 取得 然後我們可以在2023行中提取 解壓後有一文字檔案 , 內容為 68 34 63 6b 31 74 7b 73 30 5f 33 34 73 59 5f 46 6c 34 67 5f 68 75 68 7d 將hex轉換為string h4ck1t{s0_34sY_Fl4g_huh}

Comments closed

[H4CK1T]FullyD00M3D – 50pts

Description: Hell on the Earth!! Skulltag: h4ck1t{flag.lower()} Solution: Goole the questions name as “Fully DOOM 3D”, it was a game. Just download from internet and connect to the official server: The free hints is:

So I type ` get into the console. Then I get this: Flag:

Comments closed

[H4CK1T]Mexico – Remote pentest – 150pts

Description: EN: Our foreign partners have some problems with qualified staffin the field of information technology, we decided to help them andto conduct remote testing of their new website. Your task is tofind a hole in the system and grab some information to confirm thehack .Good luck ! h4ck1t{} Solution: 連接上網頁後 , 發現index.php中有3個連結 , 分別是 index.php?page=about index.php?page=services index.php?page=contact 這個設計是將page中的value放進一個parameter 再進行include page 所以我們可以嘗試, 果然有代碼執行的漏洞 , 所以可以開始任意玩弄了 我的第一步是取得網頁的原始碼, 得到 算法跟一開始想的差不多 , 但是仍然沒有flag 那試試列出目錄下所有檔案好了, 所以得出flag$3cr3t_f1le.php


Comments closed

[H4CK1T]Mozambique – 150pts

Description: EN: Implementing of the latest encryption system as alwaysbrought a set of problems for one of the known FSI services: theyhave lost the module which is responsible for decoding information.And some information has been already ciphered! Your task fortoday: to define a cryptoalgorithm and decode the message. Solution: 在查看圖片後發現被插入了一些像數 , 出現的間隔24個Pixel 在找出最後一點的像數後 , 發現是1512 , 除以24是63 , 由於是為0開始 ,所以最終圖片可能是64×64 故寫一script抽出所有像數


Comments closed

[H4CK1T]Crypt0P1xels – 250pt

Desciprion: EN: We have received pictures from the enemy companion of theunknown before planet. And we haven’t thought up anything better,than to construct DeathStarV3 (the general was a fan of “StarWars”) and to absorb energy of the whole planet! And again we arepursued by problems: that we don’t know coordinate! Your task is todetermine coordinates of this unique planet (which according to ourspy are ciphered in the image). Also he could steal one of thescripts intended for embedding of coordinates. All hope only foryou! Solution: 第一步是先看懂題目給予的 code:

0,0這個pixel的Red value代表的是flag的長度是多少 , 經查看後發現其值是33 然後第一步是生成一個1-255的x和y , 將 (len(flag),x,y)寫入0,0 第二步是生成1-255的x1和y1 , 然後將(ascii(flag[i]),x1,y1)) 寫入 x y中 , 然後將x= x1 , y = y1 第三步是生成1-255的x1和y1 , 然後將(ascii(flag[i]),x1,y1)) 寫入 x y中 … 我們可以看清楚其pattern為 , 寫入的x y為上一個的G 和 B value , 而R value存放的是flag 第n 隻字的ascii值 所以我們可以先找出可能的pixel 和 x y值 code:



取Red value 並由ascii轉為char code:




Comments closed

[H4CK1T]RTFspy – 150pts

Description: Everybody likes to store passwords in txt files? And our guinea pig has gone much further! He has begun to store the information under a signature stamp “TOP SECRET” in them! Prove to him that it isn’t secure. And there are a .zip file. After unzip, there are a .rtf file included: When I open the .rtf file, can see that: We got some information in the head of the file:

Seems like a image has been encrypted. Let me try to decode with hex to text, then I got this: I got it right, it is a png file but I cannot open it correctly. When I scroll it down, I can see that:

That is a file called flag.txt inside this image. So we got: flag.txt is the flag:

Comments closed