t474-r0b07/ctf-writeups

``` ██████╗████████╗███████╗ ██╔════╝╚══██╔══╝██╔════╝ ██║ ██║ █████╗ ██║ ██║ ██╔══╝ ╚██████╗ ██║ ██║ ╚═════╝ ╚═╝ ╚═╝ ██╗ ██╗██████╗ ██╗████████╗███████╗██╗ ██╗██████╗ ███████╗ ██║ ██║██╔══██╗██║╚══██╔══╝██╔════╝██║ ██║██╔══██╗██╔════╝ ██║ █╗ ██║██████╔╝██║ ██║ █████╗ ██║ ██║██████╔╝███████╗ ██║███╗██║██╔══██╗██║ ██║ ██╔══╝ ██║ ██║██╔═══╝ ╚════██║ ╚███╔███╔╝██║ ██║██║ ██║ ███████╗╚██████╔╝██║ ███████║ ╚══╝╚══╝ ╚═╝ ╚═╝╚═╝ ╚═╝ ╚══════╝ ╚═════╝ ╚═╝ ╚══════╝ ``` ``` $ whoami > t474_r0b07 $ cat /etc/mission > n0 3st0y 4qu1 p4r4 d4rt3 l4 fl4g. > 3st0y 4qu1 p4r4 m0str4rt3 c0m0 p3ns3 p4r4 ll3g4r 4 3ll4. $ echo $REPO > [🔴 LIVE] writeups · errores incluidos · en español ``` ## `> cat manifesto.txt` ``` this is not a solution repo. the 2-hour rabbit holes. ← those are in here. the hypotheses that blew up. ← those too. the exact moment it clicked. ← especially those. if you want copy-paste → wrong repo. if something in your head says you can go further — keep reading. ``` ## `> ls -la writeups/` ``` PLATFORM STATUS NOTES ──────────────────── ─────────────── ───────────────────────────── 0verTh3W1re/ ├─ 🟢 B4nd1t/ ✅ [34/34] d0ne. n0 l00k1ng b4ck. ├─ 🟢 L3v14th4n/ ✅ [08/08] d0ne. s4me. ├─ 🟢 N4rn14/ ✅ [12/12] st4ck. h34p. 3ntr0n0. d0ne. └─ 🔴 B3h3m0th/ [00/??] // n3xt t3rr1t0ry. unkn0wn d3pth. p1c0CTF/ ├─ 🔴 f0r3ns1cs easy [██████████] 100% ├─ 🟡 f0r3ns1cs medium [████████░░] 80% └─ 🟠 f0r3ns1cs hard [██░░░░░░░░] 20% 🔴 TryH4ckM3/ [██░░░░░░░░] active · 10 wr1t3ups l1v3 🕐 H4ckTh3B0x/ [███░░░░░░░] active · 35% · blu3t34m ❓ [R3D4CT3D]/ // ????????? → github.com/t474-r0b07/t474 ``` ## `> cat methodology.txt` ``` + every writeup · same map · always: [RECON] what I saw first [HYPOTHESIS] what I thought it was [ATTEMPTS] what I tried. what failed. all of it. [BREAK] the exact moment it clicked [FLAG] the result [REFLECTION] what I'd do differently - [ATTEMPTS] is where the real learning lives. - not in the flag. - n3v3r 1n th3 fl4g. ``` ## `> ./t00lk1t.sh` ``` [+] loading tools... 🔍 RECON ──→ nmap · gobuster · ffuf · whatweb · ltrace 🖼️ ST3G ──→ binwalk · steghide · exiftool · strings · xxd 🔐 CRYPT0 ──→ CyberChef · hashcat · john · openssl 🌐 W3B ──→ burpsuite · curl · wfuzz · sqlmap 💥 B1N4RY ──→ gdb · pwntools · python3 · objdump 🛠️ M1SC ──→ netcat · wireshark · tcpdump [+] t00ls l04d3d. [+] l3t's g0. 🔴 ``` ## `> tail -f progress.log` ``` 🟢 OTW Bandit [██████████] done · 34 levels 🟢 OTW Leviathan [██████████] done · 8 levels 🟢 OTW Narnia [██████████] done · 12 levels · st4ck · h34p · 3nv 🔴 OTW Behemoth [░░░░░░░░░░] 00/?? · // initializing... 🔴 picoCTF [████████░░] active · forensics 🔴 TryHackMe [██░░░░░░░░] active · 10 writeups live 🕐 HackTheBox [███░░░░░░░] active · 35% · blueteam ⚠️ CVE [░░░░░░░░░░] endgame ←←← ``` ## `> cat origin.txt` ``` it all started with a book. a cipher. a shift of 3. BNMSDMSN CD BNMNBDQRD that was the first lock I ever opened. I didn't know I'd spend the rest of my time looking for more locks. this repo is what came after. ``` ## `> echo $SIGNAL` ``` $ echo $MINDSET > the flag was never the point. > the point is knowing you could get it. $ echo $LOGIC > m1 l0g1c 1s und3n14bl3. ``` ## `> tail -n 1 /var/log/sys.log` ``` [♟] 49 74 20 69 73 20 6e 6f 74 20 61 62 6f 75 74 20 74 68 65 20 64 65 73 74 69 6e 61 74 69 6f 6e 2e 20 49 74 20 69 73 20 61 62 6f 75 74 20 74 68 65 20 77 61 79 20 79 6f 75 20 6d 6f 76 65 2e ```

// h3ll0 fr13nd — 1f y0u f0und th1s, y0u w3r3 l00k1ng

``` ██╗ ██╗███████╗██╗ ██╗ ██████╗ ██║ ██║██╔════╝██║ ██║ ██╔═══██╗ ███████║█████╗ ██║ ██║ ██║ ██║ ██╔══██║██╔══╝ ██║ ██║ ██║ ██║ ██║ ██║███████╗███████╗███████╗╚██████╔╝ ╚═╝ ╚═╝╚══════╝╚══════╝╚══════╝ ╚═════╝ ███████╗██████╗ ██╗███████╗███╗ ██╗██████╗ ██╔════╝██╔══██╗██║██╔════╝████╗ ██║██╔══██╗ █████╗ ██████╔╝██║█████╗ ██╔██╗ ██║██║ ██║ ██╔══╝ ██╔══██╗██║██╔══╝ ██║╚██╗██║██║ ██║ ██║ ██║ ██║██║███████╗██║ ╚████║██████╔╝ ╚═╝ ╚═╝ ╚═╝╚═╝╚══════╝╚═╝ ╚═══╝╚═════╝ // y0u kn0w wh0 s41d th1s f1rst. // th3 0n3s wh0 s33 th1ngs d1ff3r3ntly // 4r3 th3 0n3s wh0 br34k th1ngs d1ff3r3ntly. ```