tkh4ck.github.io

Personal website and blog of tkh4ck

View on GitHub

CyberQuest 2025 - Investing Tips

Description

Ever wanted to be FILTHY rich?! C’mon, you can be honest! It’s just between me and you… There we go. Me too! And I realized there isn’t enough pump and dump crypto scams I mean real investing tips in the world. This is why I created THE BEST BLOG for you! Go and have a read. Share stories of how you got rich. And the best part? Anyone can share their stories. And if I like it? Entertain the readers with high quality investing tips and make yourself rich. The best articles will be honored.

PS: Once Eve posts a post, an admin checks the site for abuse.

Remarks from the author:

  • the challenge requires no endpoint/credential brute-forcing
  • VPN connection is required
  • the challenge runs on a single port
  • due to the resource heavy nature of this challenge, certain rate limits and PoW techniques were implemented. Please don’t try to circumvent those, those are just there to keep the fun for everyone. Not part of the solution.
  • works on a best effort basis. If you think things suddenly broke down, let us know!

Flag format: CQ25{...}

Challenge difficulty: medium

The special infrastructure for the challenge was provided by the Neumann Faculty of Óbuda University. Many thanks for that!

By MJ - Contact me on Discord with the same nick if you think you found an issue or open a ticket in #help-tickets.

cq25-challenge0[1-9]-a.cq.honeylab:8082

Metadata

Solution

I was not able to solve this challenge, there were only two solves, Deathbaron’s write-up is available here:

https://github.com/mullerdavid/ctf_writeups/tree/master/cyberquest25/Online_Misc_Investing_Tips

I was able to get the instructions of the models and create an XSS payload, but I was unable to get the flag during the CTF.