Hack the Boo (22–27 Oct, 2022)

Hack the Boo is a CTF created by Hack the Box in celebration of Cybersecurity Month and Halloween.

Reversing #1 — Cult Meeting

I started by using netcat to connect to the docker.

After that I checked out the file we were given for download. Looking through, I noticed this line right here:

It looks like I spawned a shell. I was able to look around and saw the flag right away:

Forensics #1 — Wrong Spooky Season

This one is a Wireshark challenge:

If you look through the tcp stream, you can see that eventually they installed socat and did a few other sketchy things:

But if you look through Stream 14, you can eventually see this command here:

They transferred some text in Base 64, but it was reversed. From here you can just grab that text and then rev and decode it to get the flag:

Pwn #1 — Pumpkin Stand

I’m going to be honest here, it took me like 30 seconds to solve this and I had no idea what I was doing. I just randomly input some numbers I thought would get me an interesting result.

I didn’t even look at the included downloads.

I was going for a buffer overflow situation, but it looks like it was actually an integer overflow, according to the text from the flag.

Unfortunately I only had time to play the first day of the CTF. New challenges from each category were released every 24 hours. I did have a lot of fun on Day 1 though!



CTF Writeups to facilitate cyber education.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store