TryHackMe Hackfinity Battle Encore Writeup | Ethical Hacking CTF Walkthrough
Overview of Hackfinity Battle CTF
The walkthrough begins with a warm greeting and a heads-up about the video’s two-hour runtime. The creator sets the tone for an immersive ethical hacking experience. The TryHackMe Hackfinity Battle is presented as a well-rounded CTF with categories including forensics, cryptography, reversing, game hacking, and blockchain exploitation.
Real-World Image Forensics
We are tasked with identifying a location from a street photo. The walkthrough demonstrates practical analysis techniques: identifying textual clues on walls, tracing them via Google, and matching them to venues like burger restaurants nearby. It teaches geographic inference using visual evidence and online tools.
Decrypting Pigpen Cipher in CCTV Image
A cryptic message is hidden in a CCTV image using Pigpen Cipher. Using online tools, the speaker translates symbols to plain text (e.g., “meet at THM tori portal”). This segment bridges steganography and classic pen-and-paper ciphers, emphasizing creativity in uncovering covert messages.
RSA Debugging Exploit to Recover Private Key
Debugging data left on an infected machine helps recover RSA private keys using mathematical scripts (e.g., ChatGPT-generated Python). The process includes retrieving n and e, calculating p, q, and d, and decrypting stolen files—offering a real-world look into exploiting poor cryptographic hygiene.
Exploiting Web App with Insecure Direct Object Reference (IDOR)
Web challenges test parameter tampering. Using simple URL manipulation (note_id=1,2,3,...) without needing sophisticated tools, the speaker reveals hidden notes and flags. It highlights how simple logic flaws can lead to major data leaks in real-world web applications.
Command Injection and Netcat Listener
We test for command injection in the recipient input field. When direct output fails, a blind injection with Netcat (e.g., piping whoami to a listener on port 4545) confirms server-side code execution. The technique simulates real-world pen-testing workflows when dealing with black-box systems.
Creating a Malicious Word Document for Social Engineering
Using Metasploit, the speaker crafts a macro-enabled Word document to send from one compromised email to another target (Cipher). This demonstrates the power of phishing in compromising systems through trust exploitation, emphasizing payload stealth and listener setup.
Smart Contract Takeover and Treasury Drain
Ethereum contracts are manipulated using cast commands. Because changeOwnership() performs no access checks, the player calls it and then withdraw(), transferring 200 ETH to their wallet. It illustrates flawed contract design and the critical need for secure smart contract development.
Godot Game File Reversing for Hidden Flags
Game reverse engineering involves extracting Godot project files, locating score thresholds, and lowering them to reveal hidden content. By editing .gd files and rerunning the game, flags appear with minimal interaction, showing how games can hide secrets in logic or interface triggers.
AI Prompt Injection — Fooling the Assistant
Challenges with “Evil GPT” bots demonstrate social engineering of AI. By pretending to be an admin or a creator and avoiding trigger keywords like “flag,” the speaker bypasses filters to extract sensitive data. It’s a deep dive into adversarial prompting and natural language attacks on AI models.
Kernel Backdoor Analysis
In a forensic task, logs show suspicious kernel modules like spatch.ko linked to the attacker “Cipher.” By extracting hex-encoded secrets from these modules using strings and CyberChef, the flag is revealed—highlighting how even kernel-level threats leave trails if logging is thorough.
Network Forensics with NFS and Wireshark
Through Wireshark, the speaker filters NFS packets, follows TCP streams, and identifies a ZIP archive (PK header). After cracking the MD5 password with CrackStation, they recover a hidden QR code flag, demonstrating end-to-end digital forensics from packet to payload.
SQL Injection via Blind Boolean-Based Attacks
The SQLi challenge involves analyzing thousands of crafted requests with blind payloads and timing/differential responses. A Python script parses requests and correlates successful ones to uncover the correct values — modeling realistic slow, meticulous, but effective attack strategies.
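The log correlation described above, as an added example that is not the script from the video or the challenge: it parses access-log lines, picks out boolean probes, and rebuilds the value the responses confirmed. The log format, the probe shape, the response sizes and the names `SAMPLE_LOG`, `parse_probes` and `reconstruct` are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed access-log lines (not from the challenge). Assumed probe shape:
# ASCII(SUBSTRING((<subquery>),<pos>,1))=<code>; last field is the response size.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /item?id=1 HTTP/1.1" 200 1342
192.0.2.10 - - [01/Jan/2025:10:00:01 +0000] "GET /item?id=1%20AND%20ASCII(SUBSTRING((SELECT%20secret%20FROM%20vault),1,1))%3D83 HTTP/1.1" 200 1180
192.0.2.10 - - [01/Jan/2025:10:00:02 +0000] "GET /item?id=1%20AND%20ASCII(SUBSTRING((SELECT%20secret%20FROM%20vault),1,1))%3D84 HTTP/1.1" 200 1342
192.0.2.10 - - [01/Jan/2025:10:00:03 +0000] "GET /item?id=1%20AND%20ASCII(SUBSTRING((SELECT%20secret%20FROM%20vault),2,1))%3D71 HTTP/1.1" 200 1180
192.0.2.10 - - [01/Jan/2025:10:00:04 +0000] "GET /item?id=1%20AND%20ASCII(SUBSTRING((SELECT%20secret%20FROM%20vault),2,1))%3D72 HTTP/1.1" 200 1180
192.0.2.10 - - [01/Jan/2025:10:00:05 +0000] "GET /item?id=1%20AND%20ASCII(SUBSTRING((SELECT%20secret%20FROM%20vault),3,1))%3D76 HTTP/1.1" 200 1180
192.0.2.10 - - [01/Jan/2025:10:00:06 +0000] "GET /item?id=1%20AND%20ASCII(SUBSTRING((SELECT%20secret%20FROM%20vault),3,1))%3D77 HTTP/1.1" 200 1342
"""

LINE_RE = re.compile(r'"GET (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+)')
PROBE_RE = re.compile(
    r"ASCII\(SUBSTRING\(\((?P<query>.+?)\),\s*(?P<pos>\d+),\s*1\)\)"
    r"\s*=\s*(?P<code>\d+)", re.I)

def parse_probes(log_text):
    """Yield (subquery, position, guessed code, response size) per probe line."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        p = PROBE_RE.search(unquote(m["url"]))  # decode %20, %3D before matching
        if p:
            yield p["query"], int(p["pos"]), int(p["code"]), int(m["size"])

def reconstruct(log_text):
    """Return {subquery: recovered string} for the guesses the server confirmed."""
    probes = list(parse_probes(log_text))
    if not probes:
        return {}
    # Assumption: most guesses are wrong, so the commonest probe size is the "false" page.
    false_size = Counter(size for *_, size in probes).most_common(1)[0][0]
    found = {}
    for query, pos, code, size in probes:
        if size != false_size:
            found.setdefault(query, {})[pos] = chr(code)
    # Positions with no confirmed guess become '?' rather than silently closing the gap.
    return {q: "".join(chars.get(i, "?") for i in range(1, max(chars) + 1))
            for q, chars in found.items()}

if __name__ == "__main__":
    print(reconstruct(SAMPLE_LOG))
```

A `?` in the output marks a position the log never confirmed, which in an investigation tells you the capture is incomplete or the attacker did not finish extracting that value.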
TryHackMe Hackfinity Battle Encore Answers
Answers can be found here.