The HTB x Uni CTF 2020 - Qualifiers have just finished and I wanted write-up some of the more interesting challenges that we completed. As with many of the challenges

Cargo Delivery was a Python command line application that uses AES CBC encryption and is vulnerable to a padding oracle attack.

The HTB x Uni CTF 2020 - Qualifiers have just finished and I wanted to write-up some of the more interesting challenges that we completed. As with many of the

SummaryThe ace-of-clubs challenge presented a SSH server on port 9009 that had an easy to guess login. This is followed by a privilege escalation to root in a custom binary

This fun little challenge was solved by our binary exploitation expert: benything. SummaryThe 9-of-clubs challenge is remote binary exploitation challenge. It features a basic command line application that can be

SummaryThe queen-of-hearts challenge was on two ports, 9010 which contained a downloadable Java .jar file and 9008 which was the service that you needed to interact with. Initially it appeared

SummaryThe 7-of-spades challenge is a basic Python web application that lists information about Metasploit modules. It uses a pickle saved in base64 to a cookie that can be modified to

SummaryThe 5-of-clubs challenge was to write a Metasploit module that is uploaded and run on a computer to which you do not have direct access. The module is uploaded along

Metasploit ran another community CTF this year, and we decided to put forward a team. The team ended up bigger than all other teams I've been part of before and