A collection of write-ups and solutions for Cyber FastTrack Spring 2021.

Related tags

Security related resourcesCyber-FastTrack-Spring-2021
Overview

FastTrack Logo

IMPORTANT: Please contact us before you use any styling or content shown here!

Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition - Spring 2021

Mon 5th April 17:00 BST - Wed 7th April 17:00 BST

The CD Skids are back and playing for fun!

This CTF was run for both Cyber FastTrack and National Cyber Scholarship at the same time. Although these writeups were primarily made for Cyber FastTrack, they should also be valid for the National Cyber Scholarship competition.

This repository is the only one to be officially endorsed by Cyber FastTrack staff!

Want to play more and steal all of our flags? Join the National Cyber Scholarship Competition - Practice Arena with Tomahawque event code frail-tub, open until May 31, 2021.

Registration

Leaderboard

Challenge Difficulties

  • Easy - 100pts
  • Medium - 250pts
  • Hard - 500pts
  • Extreme - 1000pts

Challenge Writeups

These have been organized in order they appear on the site:

Binary

Easy Medium Hard Extreme
BE01 BM01 BH01 BX01
BE02 BM02 BX02
BM03

Crypto

Medium Hard Extreme
CM01 CH01 CX01
CM02 CH02

Forensics

Easy Medium Hard
FE01 FM01 FH01
FE02 FM02
FE03 FM03
FE04

Networking

Easy Medium
NE01 NM01

Web

Easy Medium Hard Extreme
WE01 WM01 WH01 WX01
WE02 WM02 WH02
WM03
WM04
WM05

Event Info & Code of Conduct

Welcome to the Cyber FastTrack Capture the Flag (CTF).

Our challenges will test your creativity, technical skills and problem-solving ability. Identify your strengths and weaknesses as you analyze forensic data, break into vulnerable websites, and solve challenges built by industry experts!

Rules of Engagement

  1. You must participate fairly, as an individual, such that your score reflects your own individual ability. Telephone calls may be made after the event to validate your performance.
  2. Identified cheating may result in ejection from the event, and a ban of the individual participant or their school including all participants thereunder. Anyone banned from the event will be disqualified from all prizes in this, and future Cyber FastTrack CTF competitions. Sharing of flags, challenge keys, or providing revealing hints to other participants are some examples of what activities are considered cheating; this should not be considered an exhaustive list. If you are unsure of the activity you are undertaking at any time please contact [email protected].
  3. During this competition you will be provided with access to challenges and content for you to solve. You agree not to share solutions, post blogs, or otherwise share solutions until the competition is closed. After this period sharing solutions and write-ups is thoroughly encouraged and does not require express permission from the service provider.
  4. You may only use tools, techniques, or processes against the targets and endpoints identified in the challenge briefings, which you are given explicit permission to target. Use of the tools, techniques or processes against the infrastructure of the competition or other services outside the scope identified may be a violation of (amongst others) the Computer Misuse Act 1990 of the United Kingdom or the Computer Fraud and Abuse Act of the United States. In circumstances where error cannot be blamed, violation could result in rejection from this event, the Cyber FastTrack program, or prosecution by the relevant legal authority. If you are unsure of the activity you are undertaking at any time please contact [email protected].
  5. You agree not to intentionally disrupt the service, the provided challenges or infrastructure such as through the use of Distributed Denial of Service attacks. Doing so may result in termination of your access, or sharing of your information with the relevant legal authorities. It is not acceptable to attempt denial of service attacks, or to purposefully attempt to cause damage to the infrastructure or data, nor is it acceptable to identify flaws and to purposefully attempt to damage or disrupt other platform users, or their data.
  6. Absolutely no sabotaging of other competing participants, or in any way hindering their independent progress.

Good luck!

Advice from James Lyne

Unsure if you should compete? We've got some advice from James Lyne!

Contributors

Thanks to all the contributors who have solved challenges and submitted writeups to this repository:

And of course:

Tomahawque Footer

Owner
Alice
BSc (Hons) Forensic Computing & Security Student
Alice
GitHub Repository
Monty Hall Problem simulation written in Python.

Monty Hall Problem Simulation monty_hall_sim is a brute-force method of determining the optimal strategy for the Monty Hall Problem. Usage Set boolean

Xavier D 1 Aug 29, 2022
Sudo Baron Samedit Exploit

CVE-2021-3156 (Sudo Baron Samedit) This repository is CVE-2021-3156 exploit targeting Linux x64. For writeup, please visit https://datafarm-cybersecur

Worawit Wang 559 Jan 03, 2023
FIVE, Vulnerability Scanner And Mass Exploiter, made for pentesting.

$ FIVE - FIVE is a Pentesting Framework to Test the Security & Integrity of a Website, or Multiple Websites. $ Info FIVE Was Made After Vulnnr to Prod

Neon 24 Dec 10, 2021
A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021)

wifi-bf [LINUX ONLY] A (completely native) python3 wifi brute-force attack using the 100k most common passwords (2021) This script is purely for educa

Finn Lancaster 20 Nov 12, 2022
orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner

Introduction orfipy is a tool written in python/cython to extract ORFs in an extremely and fast and flexible manner. Other popular ORF searching tools

Urminder Singh 34 Nov 21, 2022
Buff A simple BOF library I wrote under an hour to help me automate with BOF attack

What is Buff? A simple BOF library I wrote under an hour to help me automate with BOF attack. It comes with fuzzer and a generic method to generate ex

0x00 3 Nov 21, 2022
A Python wrapper around the OpenSSL library

pyOpenSSL -- A Python wrapper around the OpenSSL library Note: The Python Cryptographic Authority strongly suggests the use of pyca/cryptography where

Python Cryptographic Authority 795 Dec 29, 2022
PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager)

PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager) This script allows to check and exploit missing authentication checks in

chipik 82 Nov 09, 2022
This program is a WiFi cracker, you can test many passwords for a desired wifi to find the wifi password!

WiFi_Cracker About the Program: This program is a WiFi cracker! Just run code and select a desired wifi to start cracking 💣 Note: you can use this pa

Sina.f 13 Dec 08, 2022
Python library to prevent XSS(cross site scripting attach) by removing harmful content from data.

A tool for removing malicious content from input data before saving data into database. It takes input containing HTML with XSS scripts and returns va

2 Jul 05, 2022
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than F

Christopher Roberts 3 Nov 16, 2021
A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Wlan Fetcher Windows10 Description A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer. Usage This Script onl

2 Nov 20, 2021
Brute Force Guess the password for Instgram accounts with python

Brute-Force-instagram Guess the password for Instgram accounts Tool features : It has two modes: 1- Combo system from you 2- Automatic (random) system

45 Dec 11, 2022
A tool combined with the advantages of masscan and nmap

A tool combined with the advantages of masscan and nmap

59 Dec 24, 2022
Buffer Overflow para SLmail5.5 32 bits

SLmail5.5-Exploit-BoF Buffer Overflow para SLmail5.5 32 bits con un par de utilidades para que puedas hacer el tuyo REQUISITOS PARA QUE FUNCIONE: Desa

Luis Javier 15 Jul 30, 2022
Holehe OSINT - Email to Registered Accounts

holehe allows you to check if the mail is used on different sites like twitter, instagram and will retrieve information on sites with the forgotten password function.

Palenath 3.8k Jan 06, 2023
A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

5GC_API_parse Description 5GC API parse is a BurpSuite extension allowing to assess 5G core network functions, by parsing the OpenAPI 3.0 not supporte

PentHertz 57 Dec 16, 2022
Auerswald COMpact 8.0B Backdoors exploit

CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

Ashish Kunwar 1 Nov 24, 2022
A toolkit for web reconnaissance, it's fast and easy to use.

A toolkit for web reconnaissance, it's fast and easy to use. File Structure httpsuite/ main.py init.py db/ db.py init.py subdomains_db directories_db

whoami security 22 Jul 22, 2022
A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

Black Hat Ethical Hacking 5 Aug 09, 2022