NDH2K15_QUALS | RAPTOR MISC400 [WRITEUP]

Let’s connect to the service : After some tests, Notfound found (*tadam tss*) that the phone field can be used to inject hexa code when you register a new user : After that, when you log as the « po » user and type the « HISTORY » command, the injection happened. So (after many tests…) let’s try to […]

NDH2K15_QUALS | Superman CRACKME/REVERSE 500 [WRITEUP]

This task is a Crackme/Reverse task worth 500 points from the Nuit du Hack qualifications. We were given an ELF : superman: ELF 32-bit LSB executable, Intel 80386, invalid version (SYSV), for GNU/Linux 2.6.24, dynamically linked, interpreter 04, corrupted section header size This task is very similar to the Clark Kent. Except that there is […]

0CTF 2015 | Treasure 50 [WRITEUP]

Description: Romors say that something is buried in treasure.ctf.0ops.sjtu.cn, happy treasure hunting. 🙂 First of all, we do a DNS request : Well, we see that the IPv4 pointing on localhost, but the IPv6 is more interesting. Let’s try a ping6 on it: Well, it works 🙂 We decide to traceroute6 on it : Ok, […]

0CTF 2015 | Forward 250 [WRITEUP]

This task is a web task worth 250 points from the 0CTF 2015. There is an input field, and two buttons : Login and FLAG. FLAG gives us the source code of the task, without the db credentials : At this point, I was a bit sad, because I wanted to get the flag. 😦 […]

AIRBUS | STEG100, STEG42, STEG275

> STEG1 : [Google phishing file ?] – This challenge was a file named « Google.fr ». First of all, as usual, I used the ‘file’ command from BSD. The file was a tar.gz archive : – Well, at the end, there are two files. Taking a quick look at the .html file reveals in a comment […]

AIRBUS | NETWORK50 [WRITEUP]

– For this challenge, a .pcap file was given : – Since I discovered scapy, which is a python library, I use it with Wireshark or tshark or tcpdump. So, let’s have a look at this capture using scapy : So, the capture constained 51 TCP packets and 6 sessions. We can see easily that’s […]

AIRBUS | All Web [WRITEUP]

WEB1 : [X0X0.html] – First of all, beautify the code using jsbeautifier.org (or another one) Add document.write() and delete last () at the last line : – The output is the following (without the indent) : Flag : [0bfuscat3d{js}]   ———————————————————————————————————————————————-   WEB2 : [G00d_Luck.html] Open with firefox, right click, inspect the element, will return […]

AIRBUS | Crypto150 [WRITEUP]

Those files were given :   – So, I had three PEM certificates and a S/MIME entity text file. Well, that’s have a look at a certificate, using openssl :   I noticed that the exponent is the smallest possible ( the RSA public exponent e is an integer between 3 and n – 1 […]