Writeups

EC2 & RootMe - Challenge réaliste Escalate Me
June 10, 2022
Writeup du challenge réaliste Escalate Me proposé par la plateforme RootMe à l'European Cyber Cup 2022 à Lille.
ctf privilege-escalation web-security writeup
HeroCTF 2021 - Rooter l'infra, for fun and CTF points
May 6, 2021
This writeup describes how I became root on the server hosting the HeroCTF v3 kernel challenges, by exploiting a vulnerable challenge.
heroctf qemu root
FCSC 2021 - Writeups of the introduction category
May 3, 2021
FCSC 2021 - Writeups of the introduction category (Pwn, Crypto, Forensics, Hardware, Reverse, Web)
fcsc intro
FCSC 2021 - Intro - bofbof
May 3, 2021
This challenge will cover a basic stack buffer overflow on the bofbof challenge of the France CyberSecurity Challenge (FCSC) 2021
fcsc intro pwn
FCSC 2021 - Intro - Bonus Points
May 3, 2021
In this challenge you will discover and exploit the unsigned integer overflow vulnerability, to set an arbitrary score in this service.
fcsc intro pwn
FCSC 2021 - Intro - Known Plaintext
May 3, 2021
In this challenge, you will perform an analysis of this XOR cryptosystem to decipher the flag
crypto fcsc intro
FCSC 2021 - Intro - Dérèglement
May 3, 2021
This forensics challenge addresses the DOCX file format, in which a flag is hidden in plaintext.
fcsc forensics intro
FCSC 2021 - Intro - File format
May 3, 2021
This challenge will teach you the basics of the IQ file format, used to save radio frequencies signal captures.
fcsc hardware intro
FCSC 2021 - Intro - guessy
May 3, 2021
In this challenge you will learn how to reverse a basic crackme with several basic validation steps.
fcsc intro reverse
FCSC 2021 - Intro - La PIN
May 3, 2021
This challenge focuses on a weak python script using AES GCM for encrypting the flag.
crypto fcsc intro
FCSC 2021 - Intro - Push it to the limit
May 3, 2021
This web application is vulnerable to an SQL injection in the login page. We will exploit it to bypass the authentication page and extract the administrator password.
fcsc intro web
FCSC 2021 - Intro - Random Search
May 3, 2021
This web application allow us to perform a Stored Cross Site Scripting (XSS) attack. We will use it to retrieve cookies from the administrator and get the flag.
fcsc forensics intro
FCSC 2021 - Intro - Rituel du Boutisme
May 3, 2021
In this forensics challenge we need to find a flag in a disk image. We will need to change the endianness to read the flag with strings.
fcsc forensics intro
FCSC 2021 - Intro - Rituel en Chaine
May 3, 2021
In this forensics challenge, we need to find a flag in a disk image. To do this, we'll use the powerful strings command.
fcsc forensics intro
FCSC 2021 - Intro - Snake
May 3, 2021
This challenge gives us access to a python interpreter and asks us to read the flag.txt. We will read the file, and for fun, open a shell afterwards.
fcsc intro python
FCSC 2021 - Intro - Waterfall
May 3, 2021
A flag was hidden in the spectrogram of this signal. We will open the IQ file and display it as a waterfall to get it !
fcsc intro radio
HeroCTF 2021 - DevOps Box writeup
April 26, 2021
In this challenge, we will attack a DevOps Box, in various steps. We will exploit a Jenkins server to get a user reverse shell and privilege escalation to root using ansible.
box devops heroctf
DVID Writeup 06 - Bluetooth - Characteristics 2
January 25, 2021
This challenge focuses on Bluetooth Low Energy characteristics for IoT devices.
dvid firmware iot
DVID Writeup 05 - Bluetooth - Characteristics
January 25, 2021
This challenge focuses on Bluetooth Low Energy characteristics for IoT devices.
dvid firmware iot
DVID Writeup 04 - Bluetooth - Advertising
January 25, 2021
This challenge focuses on the advertising phase of Bluetooth Low Energy for IoT devices.
dvid firmware iot

1
2
›
»