The yearly HackTheBox University CTF 2023: Brains & Bytes was an event for many universities worldwide, in which we as "Hanzehogeschool" placed 19th! Cool web challenges and standard categories, with their signature Fullpwn machines

Web, Reversing, XSS, LFI, RCE, Linux, Mobile (+825 points)

AndroCat

Fullpwn machine on a Linux environment with an Android APK to reverse engineer and exploit the API through XSS and PDF generation. Then escalate privileges with an SSTI and a NodeJS CVE

Web, Scripting, XSS, RCE (+400 points)

Phantom Feed

One of my favorite hard web challenges I've done, combining many different small vulnerabilities into a chain that leads to Remote Code Execution by stealing tokens from a bot and using SSTI

Web, SQL Injection, RCE (+325 points)

Nexus Void

Medium C# web challenge with some secrets left over in compilation artifacts, and a chain of SQL Injection with JSON Deserialization to achieve RCE

Scripting, Crypto (+625 points)

MSS + MSS Revenge

Cryptography challenge creatively using CRT to single out the key that decrypts the flag. The original had an unintended solution, after which a patched "MSS Revenge" was created

Forensics, Reversing, Crypto, Hardware (+325 points)

ZombieNet

Forensics challenge with a lot of Reverse Engineering, extracting files from a router firmware image and then decrypting obfuscated binaries