Writeup du challenge réaliste Escalate Me proposé par la plateforme RootMe à l'European Cyber Cup 2022 à Lille.
This writeup describes how I became root on the server hosting the HeroCTF v3 kernel challenges, by exploiting a vulnerable challenge.
This challenge will cover a basic stack buffer overflow on the bofbof challenge of the France CyberSecurity Challenge (FCSC) 2021
In this challenge you will discover and exploit the unsigned integer overflow vulnerability, to set an arbitrary score in this service.
In this challenge, you will perform an analysis of this XOR cryptosystem to decipher the flag
This forensics challenge addresses the DOCX file format, in which a flag is hidden in plaintext.
This challenge will teach you the basics of the IQ file format, used to save radio frequencies signal captures.
In this challenge you will learn how to reverse a basic crackme with several basic validation steps.
This challenge focuses on a weak python script using AES GCM for encrypting the flag.
This web application is vulnerable to an SQL injection in the login page. We will exploit it to bypass the authentication page and extract the administrator password.
This web application allow us to perform a Stored Cross Site Scripting (XSS) attack. We will use it to retrieve cookies from the administrator and get the flag.
In this forensics challenge we need to find a flag in a disk image. We will need to change the endianness to read the flag with strings.
In this forensics challenge, we need to find a flag in a disk image. To do this, we'll use the powerful strings command.
This challenge gives us access to a python interpreter and asks us to read the flag.txt. We will read the file, and for fun, open a shell afterwards.
A flag was hidden in the spectrogram of this signal. We will open the IQ file and display it as a waterfall to get it !
In this challenge, we will attack a DevOps Box, in various steps. We will exploit a Jenkins server to get a user reverse shell and privilege escalation to root using ansible.
This challenge focuses on Bluetooth Low Energy characteristics for IoT devices.
This challenge focuses on the advertising phase of Bluetooth Low Energy for IoT devices.
In this challenge, you will learn about the dangers of default passwords in IoT devices
In this challenge, we will focus on an extremely common vulnerability, default hardcoded passwords
In this challenge, you will learn how to burn a firmware and interact with the Damn Vulnerable Iot Device (DVID)
The Damn Vulnerable IoT Device (DVID) project is aiming to provide a device to experiment with common attacks on the Internet of Things (IoT)