CTF Writeups

Posts in category CTF Writeups

23 posts

Also available in:

EC2 & RootMe - Challenge réaliste Escalate Me

Writeup du challenge réaliste Escalate Me proposé par la plateforme RootMe à l'European Cyber Cup 2022 à Lille.

linux privilege-escalation writeup

June 10, 2022
HeroCTF 2021 - Rooting servers, for fun and CTF points

This writeup describes how I became root on the server hosting the HeroCTF v3 kernel challenges, by exploiting a vulnerable challenge.

linux privilege-escalation web writeup

May 6, 2021
FCSC 2021 - Intro - bofbof

This challenge will cover a basic stack buffer overflow on the bofbof challenge of the France CyberSecurity Challenge (FCSC) 2021

pwn writeup

May 3, 2021
FCSC 2021 - Intro - Bonus Points

In this challenge you will discover and exploit the unsigned integer overflow vulnerability, to set an arbitrary score in this service.

pwn writeup

May 3, 2021
FCSC 2021 - Intro - Known Plaintext

In this challenge, you will perform an analysis of this XOR cryptosystem to decipher the flag

cryptography writeup

May 3, 2021
FCSC 2021 - Intro - Dérèglement

This forensics challenge addresses the DOCX file format, in which a flag is hidden in plaintext.

forensic writeup

May 3, 2021
FCSC 2021 - Intro - File format

This challenge will teach you the basics of the IQ file format, used to save radio frequencies signal captures.

radio-frequencies windows

May 3, 2021
FCSC 2021 - Intro - guessy

In this challenge you will learn how to reverse a basic crackme with several basic validation steps.

reverse writeup

May 3, 2021
FCSC 2021 - Intro - La PIN

This challenge focuses on a weak python script using AES GCM for encrypting the flag.

cryptography writeup

May 3, 2021
FCSC 2021 - Intro - Push it to the limit

This web application is vulnerable to an SQL injection in the login page. We will exploit it to bypass the authentication page and extract the administrator password.

sql-injections writeup

May 3, 2021
FCSC 2021 - Intro - Random Search

This web application allow us to perform a Stored Cross Site Scripting (XSS) attack. We will use it to retrieve cookies from the administrator and get the flag.

web writeup

May 3, 2021
FCSC 2021 - Intro - Rituel du Boutisme

In this forensics challenge we need to find a flag in a disk image. We will need to change the endianness to read the flag with strings.

forensic writeup

May 3, 2021
FCSC 2021 - Intro - Rituel en Chaine

In this forensics challenge, we need to find a flag in a disk image. To do this, we'll use the powerful strings command.

forensic writeup

May 3, 2021
FCSC 2021 - Intro - Snake

This challenge gives us access to a python interpreter and asks us to read the flag.txt. We will read the file, and for fun, open a shell afterwards.

pyjail writeup

May 3, 2021
FCSC 2021 - Intro - Waterfall

A flag was hidden in the spectrogram of this signal. We will open the IQ file and display it as a waterfall to get it !

radio-frequencies writeup

May 3, 2021
HeroCTF 2021 - DevOps Box writeup

In this challenge, we will attack a DevOps Box, in various steps. We will exploit a Jenkins server to get a user reverse shell and privilege escalation to root using ansible.

privilege-escalation windows

April 26, 2021
DVID Writeup 06 - Bluetooth - Characteristics 2

This challenge focuses on Bluetooth Low Energy characteristics for IoT devices.

hardware radio-frequencies writeup

January 25, 2021
DVID Writeup 05 - Bluetooth - Characteristics

This challenge focuses on Bluetooth Low Energy characteristics for IoT devices.

hardware radio-frequencies writeup

January 25, 2021
DVID Writeup 04 - Bluetooth - Advertising

This challenge focuses on the advertising phase of Bluetooth Low Energy for IoT devices.

hardware radio-frequencies writeup

January 25, 2021
DVID Writeup 03 - Firmware - Default password

In this challenge, you will learn about the dangers of default passwords in IoT devices

hardware writeup

January 25, 2021
DVID Writeup 02 - Firmware - Hardcoded password

In this challenge, we will focus on an extremely common vulnerability, default hardcoded passwords

hardware writeup

January 25, 2021
DVID Writeup 01 - Hardware - Find the Datasheet

In this challenge, you will learn how to burn a firmware and interact with the Damn Vulnerable Iot Device (DVID)

hardware writeup

January 25, 2021
Damn Vulnerable IoT Device (DVID) writeup series

The Damn Vulnerable IoT Device (DVID) project is aiming to provide a device to experiment with common attacks on the Internet of Things (IoT)

hardware radio-frequencies writeup

January 25, 2021

Posts in category CTF Writeups

EC2 & RootMe - Challenge réaliste Escalate Me

HeroCTF 2021 - Rooting servers, for fun and CTF points

FCSC 2021 - Intro - bofbof

FCSC 2021 - Intro - Bonus Points

FCSC 2021 - Intro - Known Plaintext

FCSC 2021 - Intro - Dérèglement

FCSC 2021 - Intro - File format

FCSC 2021 - Intro - guessy

FCSC 2021 - Intro - La PIN

FCSC 2021 - Intro - Push it to the limit

FCSC 2021 - Intro - Random Search

FCSC 2021 - Intro - Rituel du Boutisme

FCSC 2021 - Intro - Rituel en Chaine

FCSC 2021 - Intro - Snake

FCSC 2021 - Intro - Waterfall

HeroCTF 2021 - DevOps Box writeup

DVID Writeup 06 - Bluetooth - Characteristics 2

DVID Writeup 05 - Bluetooth - Characteristics

DVID Writeup 04 - Bluetooth - Advertising

DVID Writeup 03 - Firmware - Default password

DVID Writeup 02 - Firmware - Hardcoded password

DVID Writeup 01 - Hardware - Find the Datasheet

Damn Vulnerable IoT Device (DVID) writeup series