[NEWS] – Hexpresso is now on Github
WE ARE NOW ON GITHUB. Need more informations ? Visit : http://hexpresso.github.io/
QUALS_NDH 2K15 | CRACKMEPRIME REVERSE 150 [WRITEUP]
This task is a Crackme/Reverse task worth 150 points from the Nuit du Hack qualifications. We are given an ELF : This task was not particularly hard, but we solved it in an interesting way. As usual, we start by opening the crackme in IDA. We quickly notice that it expects a serial number in […]
QUALS_NDH 2k15 | FaceBox WEB 100 [WRITEUP]
This task is a web task worth 100 points from the Nuit du Hack qualifications. Its name should have been « guest fest » We are given a website, where you can upload files. There are already a few files uploaded : confidentials.txt, which is private, and paste01.txt. Both have been uploaded by the same user. We […]
QUALS_NDH 2k15 |SECURE AUTH EXPLOIT 350 [WRITEUP]
This task is an exploit task worth 350 points from the Nuit du Hack qualifications. We are given the following Python code : This scripts connects to a server (151.80.18.93, port 4241). The servers sends us a challenge. It will be used as a salt to hash our password. We then try to login with […]
QUALS_NDH 2k15 | GAME OF LIFE CRYPTO 150 [WRITEUP]
I wrote this writeup because I have seen some guys doing this challenge by using XORTOOL, but without understanding … mister X | python xortool.py cipher.txt; cat xortool_out/000.out mister X | So hardcore That’s why I’ll try to give you a real explaination of « why xortool have worked » So, for this challenge, we were given […]
QUALS_NDH 2k15 | UPDATOR EXPLOIT 200 [WRITEUP]
This task is an exploit task worth 200 points from the Nuit du Hack qualifications. We are given a website with a login form, and a link to an other page : update.py Thxer’s first idea was to look for pyc files. We then decompiled update.pyc with uncompyle: You know what is fun in challenges […]
QUALS_NDH 2k15 | Facesec WEB 100 [WRITEUP]
This task is a web task worth 100 points from the Nuit du Hack qualifications. We are given a website that lets you upload txt files for a cover letter, and a motivation letter. (cv.txt, motiv.txt) It is also possible to a tar file containing both files. Once you uploaded them, you can see them […]
QUALS_NDH 2k15 | PDFCeption MISC 500 [WRITEUP]
Well, we don’t validate this challenge at time, but few secondes after the end … We just explain a quick way to do because this shitty challenge does not deserve a nice writeup. We were given a .vdi and a file called « lastdump ». This file was supposed to be encrypted (LUKS) but it was not […]
QUALS_NDH 2k15 | PRIVATE 100 [WRITEUP]
Private 100 was a nice but really easy challenge. Many people found it difficult but it was not. The first thing to do was to read the network capture to see the content. We see many things, like STP, ICMP, ARP, CDP… Well, our first though was to check ICMP data : nothing. After that, […]
QUALS_NDH 2k15 | Mass Surveillance Software 300 [WRITEUP]
For this funny challenge, a .exe was given. In the first place, we check for packers by using Protection iD : Actually we don’t need to unpack it as we’ll just attach Ollydbg to the process. Then we put a memory breapoint at 0x400000, then just move the window to trigger the breakpoint. (Do not […]
Hexpresso 