HackMIT is an annual hackathon that takes place at Massachusetts Institute of Technology in Cambridge, Massachusetts in early fall. This year, 2023, one way to get automatically admitted was to collect points by individually solving CTF-like admission puzzles and finishing in the Top 50 of hackers. I managed to complete all of the puzzles and will try to assemble step-by-step approaches and solutions for people that want to have an understanding or a deeper understanding of that type of challenges in general and provide a complete walkthrough from the first time seeing the website to solving the last puzzle.
I will be presenting all the solutions in a specific format, which is supposed to represent a sped-up version of my train of thoughts while tackling the specific problem. There will be sections that dive in a little deeper, which you can unfold. The problems that required code to be written additionally include a code branch. I will be embedding tips or recommendations which are supposed to prevent possible mistakes, difficulties or unnecessary excessive time-consumption while working on the respective problem. For some problems, I will add a logs folder that contains text that'd be too long to be put into the explication.
Show Format
| Step | Name | Description |
|---|---|---|
| 1 | First glance | The prompt, description, text or image that initiated the challenge. |
| 2 | First thoughts | Here, I will explicate my intuition when I first faced the problem. |
| 3 | First steps | Sometimes, the most difficult thing is to start. Here, I will show a way how to. |
| 4 | Implementation | After those first steps, it should make sense or even seem simple. I will convert the previous thoughts and steps into a real program / apply them. |
| 5 | Conclusion | I will briefly summarize what we have achieved and learnt. |
Important Note that I didn't specify any prerequisites. I will indeed try to make the approach clear, regardless of the person reading this.
Warning While I will always explain every bit, I highly encourage you to do some in-depth research about and assemble projects within topics that were unknown to you before, as this is the only way to make what you have learnt long-term memorable.
The first interesting thing you noticed after having visited the endpoint is a dodgy-seeming FAQ question and a hidden link which introduce the entrance puzzle. Solving this puzzle led to a ChatGPT themed command center which consisted of following problems.
| Number | Challenge | Points |
|---|---|---|
| 1 | Gaslight – Convincing an LLM (Social Engineering) | 750 |
| 2 | Xd – Finding your way in a number cluster | 1000 |
| 3 | Hackvm – RISC-V32 & x86_64 ELF Reversing (memcmp vulnerability) | 1550 |
| 4 | Bakery – Web-App file upload vulnerability | 1700 |
| 5 | Hackscope – Web-App JWT authentication bypass | 2300 |
| 6 | Vmhack – RISC-V32 & x86_64 ELF Reversing (self-generating code, z3) | 2700 |
| Sum | 10000 |
Note Even though I recommend walking through the problems in the order I provided them, this is not necessary as they all are independent from each other. Still, there will be links in each of the puzzles to the respective next one in order which simplifies navigation.
For the curious ones, the overall official puzzle statistics, published in the HackMIT live-stream. You'll find them here (Statistics.md).
Thank you to the developer team of HackMIT for those great puzzles. I hope you, dear reader, could take something with you, whether you were looking for challenges like the above, for previous HackMIT admission puzzles or were just interested. Thank you for taking the time, see you later! 👋
Anything missing? Typos? Enhancement ideas? Something you want me to explain more meticulously? Not happy? Just let me know, feel free to join the discussion, submit an issue or reach out.
Official HackMIT solutions live stream – I really recommend checking it out.
MIT License