KOREONE
@koreone.bsky.social
Into InfoSec, CTFs, SecDevOps, GenAI and Crypto 🤖 https://linktr.ee/koreone
NahamCon Winter 2025 CTF – Encoded Gift Decoder Challenge Writeup

This reversing challenge presents a stripped x86-64 ELF binary alongside an encoded text file. The objective is to reverse-engineer the encoding mechanism used to obfuscate the hidden message and recover the flag. The challenge combines basic reverse engineering skills with cryptographic analysis, specifically involving Base64 decoding and XOR cipher cryptanalysis. The challenge tests fundamental skills in: Binary analysis and reverse engineering…
kore.one
January 11, 2026 at 6:42 PM
NahamCon Winter 2025 CTF – Magic Snowfall Challenge Writeup

This challenge presents an Android APK file for a rewards application called "Magic Snowfall Rewards". The application implements a tiered rewards system where users can collect "snowfall points" and progress through different membership tiers. The highest tier, "Aurora VIP", grants access to an exclusive reward - the CTF flag. The core vulnerability in this challenge lies in an insecure implementation of an Android BroadcastReceiver.
kore.one
January 10, 2026 at 8:05 AM
NahamCon Winter 2025 CTF – Frozen Gift Challenge Writeup

This challenge presents an Android APK file (FrozenGift.apk) that implements a tiered membership system for a fictional "Frozen Gift Shop". The application features two membership tiers:
- Snowflake Basic - The default tier for all users
- Frost King - A premium tier that grants access to a hidden flag/reward
The core vulnerability lies in the application's implementation of a JavaScript Bridge in a debug WebView activity.
kore.one
January 9, 2026 at 11:41 AM
NahamCon Winter 2025 CTF – Ebank Challenge Writeup

This challenge involves reverse engineering an Android banking application (Ebank.apk) to discover and access a hidden "Premium" feature that contains a multi-part obfuscated flag. The challenge demonstrates a classic Android security vulnerability known as Intent Redirection (also called Intent Hijacking or Unauthorized Intent Access). The flag is split into 5 parts, each protected by different obfuscation techniques: Part 1: Hex-encoded and reversed string…
kore.one
January 8, 2026 at 8:03 AM
CVE-2026-21858: Critical n8n Vulnerability “Ni8mare” Allows Complete System Takeover

A maximum severity Content-Type confusion vulnerability in n8n enables unauthenticated attackers to read arbitrary files, forge admin access, and execute remote commands. On January 7, 2026, security researchers disclosed details of a critical vulnerability in n8n, one of the most popular open-source workflow automation platforms with over 103,000 instances deployed worldwide. The vulnerability, tracked as CVE-2026-21858 and codenamed "Ni8mare"
kore.one
January 7, 2026 at 4:22 PM
Hack The Box – MangoBleed (CVE-2025-14847) Sherlock Writeup

In this Sherlock scenario, we are tasked with investigating a high-priority incident on a secondary MongoDB server named mongodbsync. The administrator suspects a compromise linked to a vulnerability called "MongoBleed" (CVE-2025-14847). We are provided with a triage acquisition collected via UAC (Unix-like Artifacts Collector). The "MongoBleed" vulnerability implies a memory leakage issue similar to the famous Heartbleed bug.
kore.one
January 7, 2026 at 3:44 PM
Solved MangoBleed from Hack The Box!
I have just solved sherlock MangoBleed from Hack The Box
labs.hackthebox.com
January 7, 2026 at 3:27 PM
NahamCon Winter 2025 CTF – Dojo Helper Center Challenge Writeup

This challenge is a classic mobile application static analysis task. You are given an Android APK that looks like a harmless help center application. The intended learning objective is to recognize that mobile apps are often shipped with hardcoded secrets (API keys, tokens, endpoints) and that these secrets can be recovered by decompiling the APK. In this challenge, the developers embedded an admin authentication token inside the application code.
kore.one
January 7, 2026 at 8:06 AM
NahamCon Winter 2025 CTF – PHANTOM Challenge Writeup

PHANTOM presents an “elliptic curve PRNG” that claims to be secure because the Elliptic Curve Discrete Logarithm Problem (ECDLP) is hard. The service exposes:
- Elliptic curve parameters and two public points G and Q
- Several truncated PRNG outputs
- An encrypted flag that uses the 5th PRNG output as the key
At first glance this looks like “break ECDLP on a 192-bit curve”, which is not realistic during a CTF.
kore.one
January 6, 2026 at 8:00 AM
NahamCon Winter 2025 CTF – Linear Lines Challenge Writeup

This cryptography challenge presents us with a ciphertext encrypted using a linear transformation function. The challenge description explicitly hints that the encryption is "a function, not a shift," which immediately suggests an affine cipher rather than a simple Caesar cipher. The affine cipher is a type of monoalphabetic substitution cipher that uses a mathematical function to encrypt plaintext, making it more complex than a simple shift cipher but still vulnerable to brute force attacks due to the limited keyspace.
kore.one
January 5, 2026 at 8:03 AM
NahamCon Winter 2025 CTF – Allergic REACTion Challenge Writeup

This challenge exploits CVE-2025-55182, a critical Remote Code Execution (RCE) vulnerability affecting React Server Functions as implemented in Next.js applications. The vulnerability, colloquially known as "React2Shell", stems from insecure prototype references during the deserialization of React Flight Protocol chunks. The React Flight Protocol is used for serialization of values passed to Server Functions, which act as a form of RPC-over-HTTP. The vulnerability allows an attacker to achieve arbitrary code execution on the server by crafting malicious serialized chunks that exploit JavaScript prototype chain manipulation.
kore.one
January 4, 2026 at 8:05 AM
NahamCon Winter 2025 CTF – Deceptive Fairness Challenge Writeup

This challenge presents a classical cryptography problem involving the Playfair cipher, one of the first practical digraph substitution ciphers invented by Charles Wheatstone in 1854. The Playfair cipher encrypts pairs of letters (digraphs) rather than single letters, making simple frequency analysis significantly more difficult compared to monoalphabetic substitution ciphers. The cipher uses a 5x5 matrix constructed from a keyword, where the letters I and J are typically combined to fit the 25-letter grid.
kore.one
January 3, 2026 at 1:26 PM
BSides Algiers 2025 – Hart Challenge Writeup

This forensic challenge provides a single capture file (chall.pcap) from an industrial sensor network. The story is that the network has been compromised and the attacker is “hiding” something inside the traffic. From a defender’s perspective, this is a classic incident-response / network-forensics problem:
- Identify the protocols and communication patterns.
- Find anomalies (timing, packet sizes, “malformed” protocol decodes, rare message variants).
kore.one
January 2, 2026 at 11:13 AM
BSides Algiers 2025 – HBH Challenge Writeup

The forensics challenge name "HBH" is a direct hint pointing to IPv6 Hop-by-Hop Options Header, one of the extension headers defined in the IPv6 protocol (RFC 8200). The Hop-by-Hop Options Header is an IPv6 extension header that carries optional information that must be examined by every node along a packet's delivery path. It is identified by the Next Header value of 0 in the IPv6 header.
kore.one
January 2, 2026 at 10:55 AM
hxp 39C3 CTF – cassandra-von-hxp Challenge Writeup

This challenge is a follow-up to "orakel-von-hxp" and presents a bare-metal ARM Cortex-M3 exploitation scenario running on QEMU's lm3s6965evb machine emulation. The target firmware implements a simple "oracle" service that accepts user questions via UART0, processes them, and provides responses. The key difference from the predecessor challenge is a custom QEMU patch that modifies the PL011 UART peripheral behavior. This patch introduces an…
kore.one
January 1, 2026 at 12:53 PM
hxp 39C3 CTF – orakel-von-hxp Challenge Writeup

This challenge presents a bare-metal ARM Cortex-M3 firmware running on QEMU's lm3s6965evb board emulation. The firmware implements an "oracle" service that reads user input via UART0 and uses a Mersenne Twister PRNG to provide "answers" by reading from pseudo-random memory locations. The key insight is that the flag is continuously transmitted on UART1, but user interaction only occurs on UART0. Players must find a way to bridge the two serial interfaces.
kore.one
December 31, 2025 at 3:05 PM
hxp 39C3 CTF – shell(de)coding Challenge Writeup

This challenge presents a classic shellcoding problem with a twist: instead of writing shellcode to spawn a shell or read a file, we must write ultra-compact x86-64 shellcode that performs Base64 decoding. The challenge runs our shellcode inside the Unicorn CPU emulator and verifies that our decoder correctly transforms a randomly generated Base64-encoded secret back to its original bytes. The core constraint is brutally simple but difficult to achieve:
kore.one
December 31, 2025 at 12:52 PM
hxp 39C3 CTF – pepe_store Challenge Writeup

This challenge presents a Web3-based NFT access control system combining:
- A Solidity ERC1155 NFT Registry (NftRegistry.sol) - A smart contract that manages NFT sales with different price tiers
- A Python Flask Backend (challenge.py) - A web service that grants access to NFT image data based on transaction history
The core concept is that users can only access NFT images if they can prove ownership through a transaction receipt containing a…
kore.one
December 30, 2025 at 11:13 AM
hxp 39C3 CTF – heist Challenge Writeup

The "heist" challenge presents a custom multivariate quadratic (MQ) signature scheme. We are provided with a public key consisting of 42 quadratic polynomials in 123 variables over the field GF(256). The goal is to forge a valid signature for a message provided by the server. The signature verification process checks if evaluating the public polynomials on the signature (interpreted as a vector) yields the hash of the message (plus a counter).
kore.one
December 30, 2025 at 10:39 AM
hxp 39C3 CTF – worrier Challenge Writeup

The "worrier" challenge presents a cryptosystem based on isogenies between elliptic curves over a finite field. The security relies on the hardness of recovering a secret scalar used in a linear combination of torsion points, obscured by an "error" term. The setup involves two isogenies φ: E₀ → E₁ and ψ: E₁ → E₂ of degree 3^n₃. The core of the challenge is to recover a secret tuple μ = (μ₁, μ₂) which is used to derive an AES key.
kore.one
December 30, 2025 at 10:27 AM
hxp 39C3 CTF – Dateiservierer2 Challenge Writeup

"Dateiservierer2" is a web exploitation challenge that involves a Go-based file server application. It is a sequel to "Dateiservierer", sharing the same core architecture but introducing a mitigation attempt in the form of environment variable filtering. The application is split into two parts: a frontend that manages user sessions and spawns backend processes, and a backend that serves files or proxies HTTP requests.
kore.one
December 29, 2025 at 9:02 PM
hxp 39C3 CTF – Dateiservierer Challenge Writeup

"Dateiservierer" is a web challenge written in Go that acts as a file server and proxy. The application consists of two main components:
- Frontend (frontend.go): Handles user sessions, spawns backend processes (ds), and proxies requests to them via Unix domain sockets.
- Backend (ds.go): The actual file server that reads files or fetches URLs and serves the content back to the user.
kore.one
December 29, 2025 at 8:50 PM