Introduction This challenge is a reversing challenge from zer0pts 2023, that I played with The Flat Network Society. We ranked 12th on this CTF which is not bad ! Here is the task: Initial Analysis In this challenge, we have a x86_binary. According to the task statement, it is a…
Write-Up of Spellbook from HackTheBox University CTF. This is a heap challenge on libc 2.23 involving fastbins.…
Introduction I attended the CTF InterIUT, where I placed 2nd with my team. Here is a write up of the last Forensic challenge (which in fact was a reversing challenge), which I've been the only one to solve. At the beginning, the executable wasn't present in the initial statement, but…
Initial Statement The goal of this challenge is simple. Gain an access over the server using a vulnerability in the software. Although this is a quite typical exploitation, there was only two solves on this challenge. Analysis First thing to do with this kind of challenge is execute the file…
Initial Statement Not much information on what we have to do, let's inspect the application. Introduction Here is how the application looks. Basically we can see a seed, and two colours. We can generate a new avatar and share it on twitter. We can also see we can contact the…
Initial Statement We have a web server using the MC Status library and we have the source code of the application. Introduction First thing to do with that kind of web challenge is read the source code to better understand the technologies and spot the vulnerabilities. Source code analysis Here…
Énoncé TV23 - 500 points Auteur: SpawnZii Solution Note: J'ai rejoué ce chall en local après le CTF pour écrire le Write Up Merci à Spawnzii pour les sources ! En arrivant sur le challenge, on ne voit qu'une page de configuration par défaut apache. On check évidemment les fichiers classiques,…
Énoncé Bien plus qu'une simple Galerie - 500 points Auteur: 0xSysRell Solution Note: j'ai rejoué ce chall sur un docker en local après le ctf pour faire le write up. Merci à 0xSysRell pour les sources :) En arrivant sur le site web, nous pouvons voir une galerie de photo de…