h1-ctf: H1 Hackyholidays CTF - The Grinch was defeated

The following writeup will underline all the steps and tools used to solve the 12 challenges of the H1 Holidays CTF. The theme of the competition was the Grinch. How it is possible to read from the competition blog post https://www.hackerone.com/blog/12-days-hacky-holidays-ctf , the goal was to...

h1-ctf: HackyHolidays H1 CTF Writeup

HackyHolidays Day 1 Once the CTF started and the Grinch released the scope hackyholidays.h1ctf.com, I started the CTF by a good old Nmap scan, to see whats running on the server. So the nmap command looked like nmap -sC -sV -oA nmap hackyholidays.h1ctf.com/. The result showed a promising entry...

h1-ctf: 12 Days of CTF Walkthroughs

h1-ctf: 12 Days of Hacky Holidays This is my writeup for 12 Days of Hacky Holidays. The report is written such that beginners to CTFs will be able to learn the tricks of the trade. The Mission: The Grinch has gone hi-tech this year with the intention of ruining the holidays 😱We need you to...

h1-ctf: Hacky Holidays Writeup

On December 12th, 2020, the CTF became live and the scope that we are allowed to attack was In Scope Domain - hackyholidays.h1ctf.com Our main motive was to infiltrate his network and take him down. The challenges appeared one by one till 24th of December. Here we will be going through all the...

h1-ctf: [h1-ctf] 12 Days of Adventure to stop Grinch from ruining Christmas

--------------------------------------------------------------------------------------------------------------------------------------------------- Day 1: https://hackyholidays.h1ctf.com/robots.txt User-agent: Disallow: /s3cr3t-ar3a Flag: flag48104912-28b0-494a-9995-a203d1e261e7 Here we go with t...

h1-ctf: Taking Grinch Down To Save Holidays

Hi thank you Hackerone and Adam for organizing the CTF, this had honestly helped me to learn good skills and techniques. The CTF began with the scope: hackyholidays.h1ctf.com and mission to take down grinch So here's a quick visual summary of all the challenges F1131175 F1131176 1. Grinch Robots ...

h1-ctf: Grinch Networks compromised!

Grinch Networks compromised! For fast triage/validation and inspired by @manoelt in other CTF, I made a bash script to find and print all the 12 flags of this CTF. The script uses curl, wget, google-chrome headless for flag 2, unzip, grep and sed. If any of these commands is missing, the script...

h1-ctf: Complete destruction of the Grinch server

Hackyholidays flag 1 First flag is just a matter of reading /robots.txt file: User-agent: Disallow: /s3cr3t-ar3a Flag: flag48104912-28b0-494a-9995-a203d1e261e7 flag 2 Visiting /s3cr3t-ar3a and opening it with developer tools gets the second flag: flagb7ebcb75-9100-4f91-8454-cfb9574459f7 It is...

h1-ctf: Hackyholidays CTF writeup

Writeup for the hackyholidays CTF This CTF consisted of 12 challenges released daily in the 12 days leading up to christmas. The goal was to stop the Grinch from ruining christmas by slowly destroying the apps that he used to terrorize Santa and his elfs. The challenges were: 1. Robots.txt 2. DOM...

h1-ctf: h1 hacky holidays CTF solution

Simple script to print all the flags. Full solution to follow want to spend more time writing this, but am racing to be first 10 submissions: echo "Flag 1 -- robots.txt" curl https://hackyholidays.h1ctf.com/robots.txt 2/dev/null | grep flag echo "" echo "Flag 2 -- js descrambed --...