Challenges 🎁

Prove your cybersecurity skills

If you are interested in writing your thesis under my supervision, or if you would like to work as a student assistant, distinguish yourself and showcase your genuine interest in cybersecurity, by solving the following challenges.

Challenge 1: Cipher Brute-Force 🔨

Introduction

Dive into the cryptographic realm of symmetric decryption! The message below has been encrypted using a symmetric cipher followed by Base64 encoding. Your mission is to find the key, decrypt the message and find the hidden passcode.

Encrypted Message

hQY2CeLbfweRt1xS5QYyjS73ahWw

Instructions

  1. Identify the cipher used.
  2. Brute-force the key to decrypt the message.
  3. Extract the passcode from the decrypted message.

Hints

  1. The key is alphanumeric and is 4 characters long.
  2. Think of a symmetric cipher that, despite its historic popularity (e.g. in WEP), is now seen in a more cautionary light due to security concerns.
  3. Before diving into decryption, don’t forget to decode!

Challenge 2: Scan Me 🔍

Introduction

For this challenge, you’ll be targeting challenges.cyber.hn. Your objective is to identify open ports and uncover hidden services. Two services await your discovery, offering up passcodes upon successful connection and challenge completion.

Remember, ethical hacking is about knowledge, respect, and permission. Always ensure you have authorization before probing any system. Good luck and happy hunting!

Instructions

  1. Port Scanning: Scan the target to identify open ports.
  2. Service Interaction: Once you identify open ports, try to interact with any service running on it. Some services may reveal interesting information or expect certain commands.
  3. Passcode Retrieval: Your goal is to retrieve the passcode from two services. Use these passcodes as part of your initial contact.

Hints

  1. Not all ports are as commonly used as port 80 or 443.
  2. Sometimes, simple tools like netcat can be your best ally in interacting with obscure services.
  3. Don’t just scan; listen to what the service has to say.
  4. Some services require you to implement some kind of automation. Happy quizzing ;)

Challenge 3: Java Reversing 🔄

Introduction

In this challenge, you’re presented with a simple Java application. Its logic contains a passcode, one that’s hidden behind the veil of obfuscation. Can you dance through the bytecode to retrieve it?

Instructions

  1. Download the Java application A.class.
  2. The application expects a specific passphrase as its command line argument.
  3. Your task is to reverse engineer the application, discover the passphrase, and retrieve the hidden passcode.
  4. Execute the Java application with the correct passphrase to reveal the passcode.

Hints

  1. The Java application might have some misleading codes; not everything might be as it seems.
  2. Explore popular Java decompilers to inspect the bytecode.
  3. Remember, every method in the application has a purpose. Deciphering their functions could be the key.

Good luck, and may the bytes dance in your favor!

© 2023 Prof. Dr.-Ing. Andreas Kurtz
Built with Hugo
Theme Stack designed by Jimmy