Hackfest Beginner CTF 2022

Writeup for Hackfest 2022 – Resurrection Edition Beginner CTF: Hackfest CTF

Tracks

• Beginner – AWS (by dax)

  • 01 – AWS whoami (5)
  • 02 – AWS cat mysecrets.txt (6)
  • 03 – AWS ls and cp (7)
  • 04 – AWS mongodump (8)
  • 05 – AWS sudo (9)
  • 06 – AWS curl (10)
  • 07 – AWS python3 my_script.py (6)
  • 08 – AWS docker pull (8)
  • 09 – AWS cat /var/log/* (7)
  • 10 – AWS login (10)

• Beginner – Cipher (by Viper)

  • Base64 (2)
  • Julius (3)

• Beginner – Hash (by Viper)

  • LM (5)
  • MD5 (5)
  • NTLM (5)
  • SHA1 (6)

• Beginner – Linux (by Viper)

  • Hidden File (3)
  • Nmap (7)
  • SSH Key (2)
  • Sudo (4)
  • VIM (5)

• Beginner – SQL (dax)

  • 1 – The Most Basic Form of Injection. (3)
  • 2 – Get the root user. (4)
  • 3 – There is Another User… (5)
  • 4 – What About a Random ID? (6)

• Beginner – Steganography (dax)

  • 1 – Encrypted (5)
  • 2 – An Image is Worth a Thousand Words. (5)
  • 3 – Things Aren’t Always What They Seem. (5)

• Beginner – Trivia (Viper)

  • Movie (2)
  • Personality (2)
  • Ports (2)

• Beginner – Web (Viper)

  • Crawler (3)
  • Find an alternate index. (6)
  • Port Scan (3)

• Beginner – Windows (Viper and h3xit)

  • 01 – New Employees ( Start Here ) (2)
  • 02 – Domo Arigato.. (5)
  • 02 – Welcome Password (5)
  • 03 – Active Directory Attributes (8)
  • 03 – Public User Share (10)
  • 04 – IIS Application Pool Password (15)
  • 04 – Private Share (10)
  • 05 – Workstation Admin (15)
  • 06 – Domain Admin (25)