2024 HuntressCTF - Plantopia

2024-10-22

Summary Plantopia is our brand new, cutting-edge plant care management website! Built for hobbyists and professionals alike, it's your one-stop shop for all plant care management. Please perform a penetration test ahead of our site launch and let us know if you find anything. Username: testuser Password: testpassword Steps I logged into the application and noticed I had access to Swagger and could perform minimal actions with the current user.



2024 HuntressCTF - Rustline

2024-10-22

Summary Author: @HuskyHacks Jerry: A Redline Stealer. George: Written in Rust. Jerry: A Rusty Redline Stealer. George: A Rusty Redline Stealer, Jerry! We caught a Redline variant executing on an endpoint and intercepted the encrypted files as they traversed the edge proxy. Well, everything except for the flag.txt file (imagine that...). Any chance you could figure out how this thing works and recover the flag? NOTE: Archive password is rustline Steps Upon downloading the challenge files, we are given the application, challenge files and the encrypted files.



2024 HuntressCTF - HelpfulDesk

2024-10-21

Summary Author: @HuskyHacks HelpfulDesk is the go-to solution for small and medium businesses who need remote monitoring and management. Last night, HelpfulDesk released a security bulletin urging everyone to patch to the latest patch level. They were scarce on the details, but I bet that can't be good... Steps I started the Docker instance and noticed that the current version is running 1.1. Navigating to the Security Update Required page, I can download the source code for version 1.



2024 HuntressCTF - Keyboard Junkie

2024-10-14

Summary Author: @JohnHammond My friend wouldn't shut up about his new keyboard, so... Steps This challenge was a pcap file; however, it was of USB traffic, not HTTP traffic as I'm used to. I discovered a utility on GitHub called ctf-usb-keyboard-parser to convert the USB data into hex values. I downloaded the file and followed the instructions. tshark -r ./usb.pcap -Y 'usb.capdata && usb.data_len == 8' -T fields -e usb.capdata | sed 's/../:&/g2' Next, I used the usbkeyboard.



2024 HuntressCTF - Obfuscation Station

2024-10-13

Summary Author: @resume You've reached the Obfuscation Station! Can you decode this PowerShell to find the flag? Steps Within the .zip file was a file called chal.ps1 and it was an obfuscated script. (nEW-objECt SYstem.iO.COMPreSsIon.deFlaTEStREAm( [IO.mEmORYstreAM][coNVERt]::FROMBAse64sTRING( 'UzF19/UJV7BVUErLSUyvNk5NMTM3TU0zMDYxNjSxNDcyNjexTDY2SUu0NDRITDWpVQIA') ,[io.COmPREssioN.coMpreSSioNmODE]::DeCoMpReSS)| %{ nEW-objECt sYStEm.Io.StREAMrEADeR($_,[TeXT.encodiNG]::AsCii)} |%{ $_.READTOENd()})| & ( $eNV:cOmSPEc[4,15,25]-JOin'') Within my Windows environment, I cleared the Windows PowerShell Event logs and executed the script. I have PowerShell logging enabled and like to let Windows handle the deobfuscation if possible.
