HACKvent 2018 write-up


Like every year, Christmas time means hacking time! I started the HACKvent journey in 2016 and it already became some sort of tradition. As usual I invested a lot and it was a very stressful time. I would like to thank my family and friends for the patience and the support they brought up. Especially to my wife! 🙂

I also want to thank all of you who participated in discussions and helped finding solutions. It is always a great pleasure to talk to you guys! Big shouts to
 pjslf, veganjay, ludus, rfz, jokker, 0xI, 0x90v1! I hope I didn’t forget anyone!!

HACKvent was great like every year and I would also like to thank Compass Security for organizing it! There were some hick-ups this year and I preferred the 2017 edition most so far. The difficulty was not as hard as last year and the variety and content of the challenges was better in 2017. I also think ten teaser challenges, some of them really hard, which counted to the main score was too much.

And then there was muffinCTF! I love the idea behind it and when it was finally working it was definitely an amazing part of HACKvent. The implementation was not very stable and it didn’t seem finished when it was launched though. MuffinCTF got postponed from day 16 to day 22 and then still buggy. I (We?) lost a lot of time because of this. I understand providing challenges for HACKvent is voluntary and takes a lot of time, probably next to another day job. Thanks for all the effort muffinx! The attack-defense CTF was great but with a bit more testing and maybe support from others, this challenge could have been so much more. Maybe this should be a new, separate hacking-lab event? Yearly summer Attack-Defense CTF FTW!

Lets get to the scoreboard: With all the support I mentioned in the beginning I managed to finish this year as perfect solver! 🙂

Continue reading

HACKvent 2017 write-up

Like every year before Christmas the HACKvent is on! It is a Jeopardy CTF competition in the style of an advent calendar. Every day at 00:00 a new challenge is released. It starts with easy ones and then becomes harder and harder. If you solve a challenge before the next one is released, you’ll get full points. Oh boy, the last couple of days were stressful…

Unfortunately I lost 1 point because I wasn’t able to submit the tamagotchi challenge on time. It was even more frustrating when I’ve found out, that it didn’t work because of a copy/paste error.

Nevertheless, I am very happy with the result as I still managed to finish on the 8th place! 🙂

Continue reading

Sudo insult mode

Insult mode is a funny sudo feature:  Whenever you enter a wrong password sudo insults you.

For enabling the insult mode open the /etc/sudoers file as root and type “insults” at the end of the ‘Defaults’ line. The tags in the ‘Defaults’ line are comma separated. If there is no ‘Defaults’ in your config just write “Defaults insults” to your /etc/sudoers.

Just enter a wrong password when using sudo and see what happens.