Sharing my knowledge on security topic.

View on GitHub
22 September 2021

HacktivityCon 2021

by Devang-Solanki


H@cktivityCon is a conference organised by Hackerone everyear. This was my first ever conference and CTF competition. Even though I had little experience with CTF (Mostly from Tryhackme) I had difficulty solving many problems. I was able to solve some entry level challenge. Here are some writeups for H@ctivityCon CTF which i was able to solve.

Target Practice

We were given a GIF file after opening we can see it has some sort of 2D barcode on it, which changes pretty quick and was looping infinitely. So i decided to slow down the GIF animation, I used lunapic to slow down the animation in GIF. I knew this wired looking 2D barcode were MaxiCode. I recognized this from a video I have watched by Thio Joe on What Are Those Other Weird QR Codes?. I quickly downloaded this Bracode Scanner on my phone and started scaning all frames from the GIF. One of the frame contained this flag. flag{385e3ae5d7b2ca2510be8ef4}



Six Four Over Two

We were given a cipher text which looked like base32 so I decoded it and got the flag



## Buffer Overflow

We were given a source code file containing the follwing code :

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <signal.h>
#include <sys/stat.h>

void give_flag();

void handler(int sig) {
    if (sig == SIGSEGV)

void give_flag() {
    char *flag = NULL;
    FILE *fp = NULL;
    struct stat sbuf;

    if ((fp = fopen("flag.txt", "r")) == NULL) {
        puts("Could not open flag file.");

    fstat(fileno(fp), &sbuf);

    flag = malloc(sbuf.st_size + 1);
    if (flag == NULL) {
        puts("Failed to allocate memory for the flag.");

    fread(flag, sizeof(char), sbuf.st_size, fp);
    flag[sbuf.st_size] = '\0';




int main() {
    char buffer[0x200];

    setbuf(stdout, NULL);
    setbuf(stdin, NULL);

    signal(SIGSEGV, handler);

    puts("How many bytes does it take to overflow this buffer?");

    return 0;

On examining the code we can see a handler() function which print flag stored in a flag.txt file somewhere on the server once the program detects segmentation fault SIGSEV. For causing segmentation fault we have to overflow the buffer variable of size 0x200 (512 in decimal).

└─$ nc 30054  
How many bytes does it take to overflow this buffer? 



Dear Students, here are the questions for your next assignment, please finish them..
If you don't wanna do the assignment you can simply submit the flag which is in the /opt directory, but hah that would be impawsible

1) What is Linux?
2) What is the difference between UNIX and LINUX?
3) What is BASH?
4) What is Linux Kernel?
5) What is LILO?
6) What is a swap space?
7) What is the advantage of open source?
8 ) What are the basic components of Linux?
9) Does it help for a Linux system to have multiple desktop environments installed?
10) What is the basic difference between BASH and DOS?

Also do learn about following linux commands.
> whoami - Prints the user name associated with the current effective user ID.
> pwd - Prints the name of current working directory
> ls - List information about the FILEs (the current directory by default)
> ps - Displays information about a selection of the active processes.
> id - Print user and group information for the specified USER, or (when USER omitted) for the current user.
> echo - display a line of text (sometimes useful to print emotes)
> cat - concatenate files and print on the standard output

Bad Words

user@host:/home/user$ /bin/cat ./just/out/of/reach/flag.txt
/bin/cat just/out/of/reach/flag.txt


user@redlike-44e6479a7e6be38a-6559588cdd-ww42g:~$ ssh -i id_rsa root@
Enter passphrase for key 'id_rsa':
Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.4.120+ x86_64)

 * Documentation:
 * Management:
 * Support:

This system has been minimized by removing packages and content that are
not required on a system that users do not log into.

To restore this content, you can run the 'unminimize' command.

The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

root@redlike-44e6479a7e6be38a-6559588cdd-ww42g:~# ls
root@redlike-44e6479a7e6be38a-6559588cdd-ww42g:~# cat flag.txt