This year again, we at HeltSikker are hosting an exciting CTF competition during HordaLan!
HordaHACK will take place from 22 to 25 February in Sotrahallen!
Here you will get the chance to test your computer security skills and pick up new ones! We are looking forward to it and hope to see you there! :) :)
Now that we finally gained access, we can start our mayhem. Let’s change gifts in the db, so that everyone gets coal! The access point to the db is a simple interface that lets us query a name and in return get the gift for that name. If it only had more functionality. I guess they don’t want anyone modifying the database entries.
Have both files in the same dir, and launch by running: java -jar SantasDB-1.0-SNAPSHOT.jar
We found the access point to the database that stores everyone’s gifts, but it is password protected. We intercepted some messages being sent across their WiFi, and we think there may be a hint to the password hidden in the messages. Can you decipher them? Their WiFi setup is really old, what a cheapskate. I think the first message is the flag we are looking for. The flag looks like this: HSCTF{xxxxx_xxxxxxxxx}.
Message 1: 3a342322220d05040a414868565f471e
Message 2: 1f0212041d290b090a5a4243585646
“OK, we found Santa’s location and I have started breaking into their systems. I found this weird zip file, but the first layer seems to be password protected. We found a hint that it is a 4-number pin encrypted with AES-256. Can you get into it? I think it may contain a clue to finding the database with the presents.
Solution week 1: HSCTF{north_pole_alaska}”