Intro​

Around December 2025, I was in the market for a new laptop. My current laptop was alright, my main issue was the relatively small SSD and outdated cpu. Still, it had 16gb of ddr4. Around that same time, I had began doing research into homelabs, and self hosting different services. When Christmas came around and I had a new laptop, instead of retiring the old laptop and letting it collect dust, I opted to re-purpose it into a homelab!

When I began this project, I did not have a concrete plan. However, I did have a starting goal of setting up a minecraft server, and a self-hosted markdown editor. Since I wanted multiple services running, and planned to add more in the future, I wanted to install a type 1 bare-metal hypervisor on the laptop. The hypervisor I chose was Proxmox!

Hardware​

The specifications for my laptop turned homelab are as follows:

AMD Ryzen 7 5700U 16gb DDR4 256gb

Although not typical hardware for this application, this was a way for me to dip my toes in the water.

Installing proxmox​

To install proxmox on my laptop, I first downloaded the ISO from the official proxmox website, and flashed it onto a usb stick with Rufus.

Before continuing, I went through everything on my laptop and backed up all important data to an external ssd. Once that was done, I plugged in the USB, booted into the BIOS, and selected to boot from the usb. The proxmox installation was graphical and straight forward. It allowed me to specifiy my gateway IP, and the static IP for proxmox. After installation was complete, I connected to the web interface by entering the static IP into my browser and specifying the correct port.

Work in progress! Will complete as soon as I have the time.

Challenge information​

CTF@CIT This challenge was in the reverse engineering category, and provided the binary "reallysecurepasswordmanager". The challenge was made by ronnie.

First steps​

The first thing I did was run the binary.

Okay, that's interesting. The only output I get is from option 3, saying "ERROR_NOT_AUTHENTICATED". After seeing the behavior of the binary, I decided to take a look on the inside.

Using binary ninja, I decompiled the file. Once I had it I checked the main() function

From this I found the "ERROR_NOT_AUTHENTICATED" string from before. I noticed that the other functions were simply locked behind being authorized, with the third one functional without any authorization. Explains the behavior seen when I ran the file earlier!

Gaining authorization​

After checking out the main() function, my goal was pretty clear: figure out a way to get authenticated. I scrolled through the functions list looking for anything that could be a clue and stumbled upon the auth() function

Alright, now we're getting somewhere! I quickly noticed a very out of place string, "notronnie". Remembering that the author of this flag was ronnie, i knew i had found something.

This function checks if the user running the file is named "notronnie", and returns 0 if it its true. In the main function that, would give authentication!

Logging into notronnie​

I made the notronnie user and tried it with su -l notronnie, but no luck.

Before I went back to the drawing board, I wanted to try logging in with ssh to see if that would make a difference. (note that i renamed the binary to ./passman for convenience)

This worked! I saw that it printed "Authenticated as: notronnie", so I immediately tried asking for the password to account name flag, and it worked!

FLAG: CIT{mT5zpH0lzIG3}

Conclusion​

This was a fun challenge made that deepened my skills in reverse engineering, and allowed me to practice using binary ninja!