Write-ups for various challenges from the 2021 HackTheBox Christmas CTF.
During the competition period, which was held from 01 Dec 2021 13:00 UTC until 05 Dec 2021 19:00 UTC, I placed 295th out of 8094 (top 3.6%) with a score of 3325/7875 points and 11/25 challenges solved.
I have solved and written a write-up for all Web, Crypto, and Forensics challenges. I did not solve or write guides for any Pwn or Reversing challenges.
- Toy Workshop (Stored XSS)
- Toy Management (SQL Injection)
- Gadget Santa (Command Injection)
- Elf Directory (PHP File Confusion)
- Naughty or Nice (JWT "RS256 to HS256" then `nunjucks` SSTI)
- Common Mistake (RSA Common Modulus Attack)
- Meet Me Halfway (Double AES Meet-in-the-middle Attack)
- XMAS Spirit (Affine Cipher Bruteforce)
- Missing Reindeer (Small RSA Public Exponent Attack)
- Warehouse Maintenance (Hash Length Extension Attack)
- baby APT (PCAP of Command Injection)
- Honeypot (Memory Dump, Attacker Connected)
- Persist (Memory Dump, Persistent Virus)
- Giveaway (Word Macro Malware)
- Ho Ho Ho (PCAP with Hidden Ethereum Address)
- Mr Snowy (Did Not Solve)
- Sleigh (Did Not Solve)
- Naughty List (Did Not Solve)
- Minimelfistic (Did Not Solve)
- Music Notes (Did Not Solve)
- Infiltration (Did Not Solve)
- Gift Wrapping (Did Not Solve)
- Intercept (Did Not Solve)
- Upgraded (Did Not Solve)
- Bamboozled (Did Not Solve)