Locked - 4/4 - InterIUT2022

Introduction I attended the CTF InterIUT, where I placed 2nd with my team. Here is a write up of the last Forensic challenge (which in fact was a reversing challenge), which I've been the only one to solve. At the beginning, the executable wasn't present in the initial statement, but…

Rhopla - InterIUT2022

Initial Statement The goal of this challenge is simple. Gain an access over the server using a vulnerability in the software. Although this is a quite typical exploitation, there was only two solves on this challenge. Analysis First thing to do with this kind of challenge is execute the file…

Avatar Generator - FCSC 2022

Initial Statement Not much information on what we have to do, let's inspect the application. Introduction Here is how the application looks. Basically we can see a seed, and two colours. We can generate a new avatar and share it on twitter. We can also see we can contact the…

MC Players - FCSC 2022

Initial Statement We have a web server using the MC Status library and we have the source code of the application. Introduction First thing to do with that kind of web challenge is read the source code to better understand the technologies and spot the vulnerabilities. Source code analysis Here…

TV23 - MidnightFlag

Énoncé TV23 - 500 points Auteur: SpawnZii Solution Note: J'ai rejoué ce chall en local après le CTF pour écrire le Write Up Merci à Spawnzii pour les sources ! En arrivant sur le challenge, on ne voit qu'une page de configuration par défaut apache. On check évidemment les fichiers classiques,…

Bien plus qu'une simple Galerie - MidnightFlag

Énoncé Bien plus qu'une simple Galerie - 500 points Auteur: 0xSysRell Solution Note: j'ai rejoué ce chall sur un docker en local après le ctf pour faire le write up. Merci à 0xSysRell pour les sources :) En arrivant sur le site web, nous pouvons voir une galerie de photo de…

Solutions PwnMyWorkShop!

Starting Point Initial Statement Donnez votre nom au binaire et voyez ce que vous pouvez en tirer ! nc ctf.woody.sh 2000 Hint: CRIE FORT Code: #include int print_flag() { FILE *fd = fopen("./flag.txt", "r"); char flag[32]; fgets(flag, 32, fd); printf("%s\n", flag); fclose(fd); return…

DamCTF - Cookie-Monster

Introduction This challenge was the first pwn challenge of the CTF Initial Statement: Do you like cookies? I like cookies. nc chals.damctf.xyz 31312 Getting started First thing I did was download the binary and check protections and try to run it. $ file cookie-monster cookie-monster: ELF 32-bit LSB executable,…