Twitter (https://twitter.com/NahamSec)
flag{e36bc5a67dd2fe5f33b62123f78fbcef}
https://ctf.nahamcon.com/rules
HTML Source flag{90bc54705794a62015369fd8e86e557b}
Discord announcements
Synt{rr907q188039nr543o81sq237o6o6q0o}
CyberChef
Recipe:
rot13
Flag{ee907d188039ae543b81fd237b6b6d0b}
Channel sub-title is the flag.
- UHC-BR
- Red Team Village
- Live Recon Village
- IoT Village
- INE Career Corner
- HTB Village
https://checkout.ine.com/starter-pass
Page inspection = Deep on the page there's this base64 string
echo "ZmxhZ3syOWZhMzA1YWFmNWUwMWU5ZWRjZjAxNDJlNGRkY2RiOX0=" | base64 -d
flag{29fa305aaf5e01e9edcf0142e4ddcdb9}
Dropped in parts over twitter and discord https://twitter.com/hackthebox_eu/status/1371146586391261189 https://discord.com/channels/473760315293696010/477042310467813376
flag{57a3ca8be987fb8b7ea0a72e1124e302}
Hint: https://twitter.com/jon_bottarini/status/1370926690612826112
search for flag{ camouflage font
flag{a0a6cb3b4bc98bf2a34b7aed76aebf53}
$cat esab64
mxWYntnZiVjMxEjY0kDOhZWZ4cjYxIGZwQmY2ATMxEzNlFjNl13X
Cyberchef Recipe:
- Reverse
- From Base64
- Reverse
$strings shoelaces.jpg
flag{137288e960a3ae9b148e8a7db16a69b0}
More than one jpg file concatenated to identify used binwalk and to remove the second file used dd.
$ binwalk pollex.jpg
DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
0 0x0 JPEG image data, JFIF standard 1.01
30 0x1E TIFF image data, little-endian offset of first image directory: 8
334 0x14E JPEG image data, JFIF standard 1.01
364 0x16C TIFF image data, little-endian offset of first image directory: 8
848 0x350 JPEG image data, JFIF standard 1.01
6731 0x1A4B Copyright string: "CopyrightOwner> <rdf:Seq/> </plus:CopyrightOwner> <plus:Licensor> <rdf:Seq/> </plus:Licensor> <dc:creator> <rdf:Seq> <rdf:li>Ste"
6765 0x1A6D Copyright string: "CopyrightOwner> <plus:Licensor> <rdf:Seq/> </plus:Licensor> <dc:creator> <rdf:Seq> <rdf:li>Stevanovic Igor</rdf:li> </rdf:Seq> <"
dd if=pollex.jpg bs=512k | { dd bs=334 count=1 of=/dev/null; dd bs=512k of=trimmed_pollex.jpg; }
Flag printed on the image trimmed_pollex.jpg
flag{65c34alec121a286600ddd48fe36bc00}
file buzz
gunzip buzz
flag{b3a33db7ba04c4c9052ea06d9ff17869}
To decode the VBE script have tried: https://didierstevens.com/files/software/decode-vbe_V0_0_1.zip
But didn't work Google-fu find the tool https://github.com/JohnHammond/vbe-decoder/
flag{f805593d933f5433f2a04f082f400d8c}