A collection of write-ups and solutions for Cyber FastTrack Spring 2021.

Related tags

Security related resourcesCyber-FastTrack-Spring-2021
Overview

FastTrack Logo

IMPORTANT: Please contact us before you use any styling or content shown here!

Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition - Spring 2021

Mon 5th April 17:00 BST - Wed 7th April 17:00 BST

The CD Skids are back and playing for fun!

This CTF was run for both Cyber FastTrack and National Cyber Scholarship at the same time. Although these writeups were primarily made for Cyber FastTrack, they should also be valid for the National Cyber Scholarship competition.

This repository is the only one to be officially endorsed by Cyber FastTrack staff!

Want to play more and steal all of our flags? Join the National Cyber Scholarship Competition - Practice Arena with Tomahawque event code frail-tub, open until May 31, 2021.

Registration

Leaderboard

Challenge Difficulties

  • Easy - 100pts
  • Medium - 250pts
  • Hard - 500pts
  • Extreme - 1000pts

Challenge Writeups

These have been organized in order they appear on the site:

Binary

Easy Medium Hard Extreme
BE01 BM01 BH01 BX01
BE02 BM02 BX02
BM03

Crypto

Medium Hard Extreme
CM01 CH01 CX01
CM02 CH02

Forensics

Easy Medium Hard
FE01 FM01 FH01
FE02 FM02
FE03 FM03
FE04

Networking

Easy Medium
NE01 NM01

Web

Easy Medium Hard Extreme
WE01 WM01 WH01 WX01
WE02 WM02 WH02
WM03
WM04
WM05

Event Info & Code of Conduct

Welcome to the Cyber FastTrack Capture the Flag (CTF).

Our challenges will test your creativity, technical skills and problem-solving ability. Identify your strengths and weaknesses as you analyze forensic data, break into vulnerable websites, and solve challenges built by industry experts!

Rules of Engagement

  1. You must participate fairly, as an individual, such that your score reflects your own individual ability. Telephone calls may be made after the event to validate your performance.
  2. Identified cheating may result in ejection from the event, and a ban of the individual participant or their school including all participants thereunder. Anyone banned from the event will be disqualified from all prizes in this, and future Cyber FastTrack CTF competitions. Sharing of flags, challenge keys, or providing revealing hints to other participants are some examples of what activities are considered cheating; this should not be considered an exhaustive list. If you are unsure of the activity you are undertaking at any time please contact [email protected].
  3. During this competition you will be provided with access to challenges and content for you to solve. You agree not to share solutions, post blogs, or otherwise share solutions until the competition is closed. After this period sharing solutions and write-ups is thoroughly encouraged and does not require express permission from the service provider.
  4. You may only use tools, techniques, or processes against the targets and endpoints identified in the challenge briefings, which you are given explicit permission to target. Use of the tools, techniques or processes against the infrastructure of the competition or other services outside the scope identified may be a violation of (amongst others) the Computer Misuse Act 1990 of the United Kingdom or the Computer Fraud and Abuse Act of the United States. In circumstances where error cannot be blamed, violation could result in rejection from this event, the Cyber FastTrack program, or prosecution by the relevant legal authority. If you are unsure of the activity you are undertaking at any time please contact [email protected].
  5. You agree not to intentionally disrupt the service, the provided challenges or infrastructure such as through the use of Distributed Denial of Service attacks. Doing so may result in termination of your access, or sharing of your information with the relevant legal authorities. It is not acceptable to attempt denial of service attacks, or to purposefully attempt to cause damage to the infrastructure or data, nor is it acceptable to identify flaws and to purposefully attempt to damage or disrupt other platform users, or their data.
  6. Absolutely no sabotaging of other competing participants, or in any way hindering their independent progress.

Good luck!

Advice from James Lyne

Unsure if you should compete? We've got some advice from James Lyne!

Contributors

Thanks to all the contributors who have solved challenges and submitted writeups to this repository:

And of course:

Tomahawque Footer

Owner
Alice
BSc (Hons) Forensic Computing & Security Student
Alice
GitHub Repository
Check for breached passwords with k-anonymity

passwnd Check for breached passwords with k-anonymity Usage To get prompted to enter the password securely, simply run: passwnd.py Alternatively, you

Nat 1 Feb 08, 2022
MTBLLS Ethical Hacking Tool Announcement of v2.0

MTBLLS Ethical Hacking Tool Announcement of v2.0 MTBLLS is a Free and Open-Source Ethical Hacking Tool developed by GhostTD (SkyWtkh) The tool can onl

Ghost 2 Mar 19, 2022
PrivateRoom - Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin

privateRoom Make your work private by building a system using arduino which instantly kills a program when someone enters your room/cabin STEPS: Uploa

Divyanshu Kumar 3 Nov 08, 2022
Malware arcane - Scripts and notes on my malware analysis journey

Malware Arcane Repository of notes and scripts I use when doing malware analysis

9 Jun 01, 2022
Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, downloads, history, and more.

ChromePE [Linux/Windows] Chrome Post-Exploitation is a client-server Chrome exploit to remotely allow an attacker access to Chrome passwords, download

Finn Lancaster 3 Oct 05, 2022
IDA Frida Plugin for tracing something interesting.

IDAFrida A simple IDA plugin to generate FRIDA script. Edit template for functions or you can use the default template. Select functions you want to t

PandaOS 133 Dec 24, 2022
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers

CVE-2022-21907 - Double Free in http.sys driver Summary An unauthenticated attacker can send an HTTP request with an "Accept-Encoding" HTTP request he

Podalirius 71 Dec 22, 2022
Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

sqlmapproject 25.7k Jan 08, 2023
IDA Python Script for anti ollvm

IDA Python Script for anti ollvm

Shocker 62 Dec 23, 2022
Official implementation of the paper "Backdoor Attacks on Self-Supervised Learning".

SSL-Backdoor Abstract Large-scale unlabeled data has allowed recent progress in self-supervised learning methods that learn rich visual representation

UMBC Vision 44 Nov 21, 2022
Port scanner tool with easy installation

ort scanner tool with easy installation! Python programming language is used and The text in the program is Georgian 3

2 Mar 24, 2022
"Video Moment Retrieval from Text Queries via Single Frame Annotation" in SIGIR 2022.

ViGA: Video moment retrieval via Glance Annotation This is the official repository of the paper "Video Moment Retrieval from Text Queries via Single F

Ran Cui 38 Dec 31, 2022
#whois it? Let's find out!

whois_bot #whois it? Let's find out! Currently in development: a gatekeeper bot for a community (https://t.me/IT_antalya) of 250+ expat IT pros of Ant

Kirill Nikolaev 14 Jun 24, 2022
Automated tool to find & created Exploit Poc for Clickjacking Vulnerability

ClickJackPoc This tool will help you automate finding Clickjacking Vulnerability by just passing a file containing list of Targets . Once the Target i

Chirag Agrawal 24 Dec 19, 2022
xp_CAPTCHA(白嫖版) burp 验证码 识别 burp插件

xp_CAPTCHA(白嫖版) 说明 xp_CAPTCHA (白嫖版) 验证码识别 burp插件 安装 需要python3 小于3.7的版本 安装 muggle_ocr 模块(大概400M左右) python3 -m pip install -i http://mirrors.aliyun.com/

算命縖子 588 Jan 09, 2023
This repository consists of the python scripts for execution and automation of vivid tasks.

Scripting.py is a repository being maintained to keep log of the python scripts that I create for automating and executing some of my boring manual task.

Prakriti Regmi 1 Feb 07, 2022
This tool ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information that allows them to know in advance if this library complies with processes.

This tool gives developers, researchers and companies the ability to analyze software packages of different programming languages that are being or will be used in their codes, providing information

Telefónica 66 Nov 08, 2022
This is an injection tool that can inject any xposed modules apk into the debug android app

This is an injection tool that can inject any xposed modules apk into the debug android app, the native code in the xposed module can also be injected.

Windy 32 Nov 05, 2022
A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

5GC_API_parse Description 5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supporte

PentHertz 57 Dec 16, 2022
The ultimate Metasploit apk binder with legit apk written in python3

Infector is a python3 based script which is officially made for linux based distro . It binds metasploit payload with original apk with avast antivirus bypassed .

27 Dec 25, 2022