Private 100 was a nice but really easy challenge. Many people found it difficult but it was not. The first thing to do was to read the network capture to see the content. We see many things, like STP, ICMP, ARP, CDP… Well, our first though was to check ICMP data : nothing. After that, […]


Let’s connect to the service : After some tests, Notfound found (*tadam tss*) that the phone field can be used to inject hexa code when you register a new user : After that, when you log as the « po » user and type the « HISTORY » command, the injection happened. So (after many tests…) let’s try to […]


This task is a Crackme/Reverse task worth 500 points from the Nuit du Hack qualifications. We were given an ELF : superman: ELF 32-bit LSB executable, Intel 80386, invalid version (SYSV), for GNU/Linux 2.6.24, dynamically linked, interpreter 04, corrupted section header size This task is very similar to the Clark Kent. Except that there is […]

0CTF 2015 | Treasure 50 [WRITEUP]

Description: Romors say that something is buried in treasure.ctf.0ops.sjtu.cn, happy treasure hunting. 🙂 First of all, we do a DNS request : Well, we see that the IPv4 pointing on localhost, but the IPv6 is more interesting. Let’s try a ping6 on it: Well, it works 🙂 We decide to traceroute6 on it : Ok, […]

0CTF 2015 | Forward 250 [WRITEUP]

This task is a web task worth 250 points from the 0CTF 2015. There is an input field, and two buttons : Login and FLAG. FLAG gives us the source code of the task, without the db credentials : At this point, I was a bit sad, because I wanted to get the flag. 😦 […]