Inshall'hack
Security if God wills it

Archives

protation Writeup (ECSC Qualifier Finals 2019/LeHack 2019)

(EDIT 2019/07/12: added an alternative solution from the author of the challenge) (Note: writeup brought to you by Casimir/SIben and Mathis) protation was a 200-point challenge at the ECSC Qualifier, worth 600 points once given first blood + presentation points. On the side of LeHack, it was valued at 350 points. We, Casimir (aka SIben) and Mathis, were flagging for different competitions (but playing for Inshall'hack in both cases), and were pursuing similar...

[FR] Writeup of the DGSE's Richelieu 2019 challenge

In 2019, the DGSE (Direction Générale de la Sécurité Extérieure) created a cybersecurity challenge to be solved within 3 weeks. The challenge contained several tasks covering web, steganography, cryptography, programming, reverse engineering, pwn and system (privilege escalation). Dates: 21/05/2019 – 14/06/2019 Link: https://www.challengecybersec.fr/ Authors: Shutdown & Oik= Thanks to Duty & Antoxyde Challenge files Download link: https://mega.nz/#F!qC4giapK!m9kWkmna_dUhNQO4W3cJdQ a0bf3ba00d839937266c4adadea9b3bedc9fda4978c8358c77c071c5f2a03052 defi1 ad19d1008423f26779dda1290aeb8fc3aa1a238c26098a92e31a92bd8c7e97ff defi2 f5ba445040554abbab6b8208942d78f4939018e84e5c86fe327ee464cff54ad3 defi3 55bf0074ef24c4683ed69f4d94a1b4e6062b497464fe5b84cf0f7bcd059e92f4 Richelieu.pdf TL;DR The link...

RScA Writeup (ECSC French Pre-qualifier 2019)

RScA was one of the four misc challenges of the pre-qualifier, and one of the least solved challenges of the competition. Cryptography-wise, it was by far not the hardest challenge of the CTF, but it involved extracting traffic from two sigrok captures, which is quite uncommon in a challenge I would say. The last time I encountered such a challenge was (iirc) in the SSTIC challenge 2017. Back then, I had just started playing CTFs...

Bitshift Writeup (Sogeti Cyber E-Scape 2019 Qualifier)

Bitshift was the only cryptography challenge of the qualifier (among 8) and one of the least solved of the competition. I personally believe it was the most interesting one, and featured a technique that I never really got to work with before. There are better solutions than the one I will present in this writeup for this particular challenge. However, I argue that the method I used works in a more generic context and is thus...

Drinks Writeup (Insomnihack Teaser 2019)

Drinks was the only cryptography challenge of Insomni'hack Teaser 2019 and ended up being solved by over 30 teams. Despite this apparent "easiness", it featured a clever side-channel attack I never had the chance to try out before. Challenge description Use this API to gift drink vouchers to yourself or your friends! Vouchers are encrypted and you can only redeem them if you know the passphrase. Because it is important to stay hydrated, here is the passphrase for...

[FR] Mission Impossible 1 Writeup (Santhacklaus CTF 2018)

Challenge description This is the challenge worth the most points in this CTF (800 pts). It is a classic forensics challenge, based on the analysis of a memory dump. To begin with, we are given a zip: $ unzip -l MI1_fix01.zip Archive: MI1_fix01.zip Length Date Time Name --------- ---------- ----- ---- 1094804832 2018-12-16 17:18 challenge.elf...

Production debugging note (SigSegv1 CTF)

Production debugging is one of the two tasks I submitted for the SigSegv1 CTF. Though the challenge was beta-tested (and judged to be of sufficient quality by the testers), it apparently elicited significant backlash among the players of the CTF. It ended up being flagged only once, by train whose writeup is available in French here. Although the writeup is indeed correct, it sort of lacks a deeper understanding of the issue and why...

[FR] Debug en production Writeup (SigSegv1 CTF)

Note: since I am no longer able to access the challenge, I will explain some outputs from memory – train Debug en production was developed with the Flask framework. Being a Flask enthusiast and knowing this technology perfectly, I got started on the challenge after taking a quick look at the other challenges. Challenge description LOL my buddy says he can log in as admin on my app. I don't believe him, but before accepting...

Tree of life Writeup (Nuit Du Hack 2018)

"Tree of life" was a 300-point challenge at Nuit du Hack 2018, that I flagged with Geluchat. It was quite original, and thus quite fun to solve. This writeup comes quite late as I needed to access the challenge website again to write something proper; thanks a lot sybix for putting it online again! It is our last writeup related to NDH16 (finally!). Challenge description Access the admin's secret page on https://treeoflife.wargame.rocks Note: for this...

On a pas les bases Writeup (Nuit Du Hack 2018)

"On a pas les bases" was a 50-point Steganography challenge at Nuit Du Hack 2018. Challenge description Because we can't access the platform anymore, this challenge shall remain without description for now. We are provided with the following picture: Analysis We start by running exiftool on the file: ~$ exiftool OREILLES_SALES.png ExifTool Version Number : 11.03 File Name...

Very personal portefolio Writeup (Nuit Du Hack 2018)

"Very personal portefolio" (yup, portefolio was written like that) was a 100-point Web challenge at Nuit Du Hack 2018. Challenge description Because we can't access the platform anymore, this challenge shall remain without description for now. Note: this writeup will most likely be updated with more details once the platform is online again. We are provided with a url to a website. Since the platform has been taken down for now, this writeup will try to be as...

Doors of Durin Writeup (Nuit Du Hack 2018)

Doors of Durin was a 200-point Misc challenge at Nuit Du Hack 2018. It was quite original, because the code was running on a literal black box with a screen on the desk of the organizers. Since it was an original challenge, let's make an original writeup! Challenge description Alas, the doors have shut on their secrets. Heed my words, those of the one who remembers. Legends of the darkness Through the cold of the night, we arrived at the...

Fleet Writeup (Nuit Du Hack 2018)

Fleet was a 300-point Stegano challenge at Nuit Du Hack 2018. Although its level was marked as "Easy", we (jeanmi151 and SIben) got first blood on it near the end of the CTF, and no one else managed to flag it. Challenge description Level: "Easy" "You are in your favorite bar, ordering a beer, when a crumpled credit card receipt draws your attention. You unfold it. Here's what you find on the back... 1337 http://fleet.wargame.rocks thb/g/6/19 -------------------" Guessing Discovery Clicking...

ndash Writeup (Nuit Du Hack 2018)

ndash was a 250-point Crypto challenge at Nuit Du Hack 2018. I was very surprised to see it has only been solved 8 times, since it was probably the easiest challenge I encountered (disregarding icmp). I believe we missed getting first blood by not opening the challenge quickly enough :). From what I gathered though, the solution presented here was not intended. Challenge description Because we can't access the platform anymore, this challenge shall remain without description...

perdu Writeup (Nuit Du Hack 2018)

perdu was a 100-point forensics challenge at Nuit Du Hack 2018. I personally didn't beat it in time, mainly due to a lack of sleep, a high consumption of beer and the fact that socializing is much more amusing than flagging. Although someone else from our team ended up flagging it, I decided to solve it after the event ended and write it up myself. Challenge description Because we can't access the platform anymore, this challenge shall remain without description for...

GoCrackMe Writeup (Nuit Du Hack 2018)

GoCrackMe was a 400-point challenge at Nuit Du Hack 2018 on which we got first blood quite early in the CTF. Challenge description Because we can't access the platform anymore, this challenge shall remain without description for now. We are provided with a binary file. Write-up As the name of the challenge implies, this binary is a Go executable. After a quick static analysis, we found out that the whole binary is stripped, which makes pursuing such an analysis...

icmp Writeup (Nuit Du Hack 2018)

This challenge was a 50-point challenge and was the easiest one of the whole CTF. It was created by our beloved WorldCitizen. Challenge description Because we can't access the platform anymore, this challenge shall remain without description for now. We are provided with a file named analysis.pcap. Analyzing the pcap People who know me know that I'm always reluctant to open wireshark, because it's hellish to navigate using a mousepad on a smaller-than-24″ screen. Therefore, I started the...

Nice Code Writeup (ASIS CTF Quals 2018)

Nice Code was a Web challenge at the ASIS quals 2018. It was solved about 30 times, but contained a few nice tricks that are worth mentioning. Challenge description Beautify php code! Here (http://167.99.36.112:8080/) Discovery and baby steps We arrive on a page with a Get started button. Since it does not contain anything interesting, we just click on the button, and end up on a page whose URL is http://167.99.36.112:8080/admin/ that basically consists of the following...

Wawacoin Writeup (Nuit du Hack Quals 2018)

Wawacoin was a 400-point Crypto/Web challenge at Nuit Du Hack Quals 2018. As is not the first time, we ended up flagging this challenge about 10 minutes after the end of the CTF. Nevertheless, here it goes! Challenge description Wawacoin: 400 pts / Web-Crypto Description Sell your house, buy WawaCoin cryptocurrency cyber-blockchain, ???, profit. Recon The...

Guessflag Writeup (Insomni'hack 2018)

Guessflag was a warmup pwn at Insomni'hack 2018. It was a fairly easy challenge, but we struggled a lot on small details. The challenge We were given ssh access to a remote server, and the challenge was in /home/flag there. There we could find a shared lib (dowin.so), the main binary (guessflag), and a text file (flag.txt). We could see that guessflag was setgid and that the owner of both the flag.txt file and the guessflag binary was part...

gmx Writeup (Ångstrom CTF 2018)

gmx was a 160 point cryptography challenge in Ångstrom CTF 2018. I thought it was very interesting, especially because it used an actual cryptosystem I had no knowledge of, and surprisingly validated by less than 30 teams among the almost 2000 that were participating. Challenge description defund created a nonconformist hybrid cryptosystem. He even made a service running at web.angstromctf.com:3000; here's the public key. All you have to do is decrypt this flag, which was...

Paddinganography: hiding data in baseN-encoded strings

Context A couple of weeks ago, I discovered a steganography technique based on the padding of base64-encoded strings. The reasoning behind it goes as follows: when encoding a message using base64, each of the base64 characters represents 6 bits (as 2^6 = 64 possible values can be encoded on 6 bits); unfortunately, this means that if we were to encode one 8-bit extended ASCII character, we would need two base64 characters, as one would only cover...

Souper Strong Primes, Hidden Key and Soupstitution Writeups (EasyCTF IV)

This article contains writeups for Souper Strong Primes, Hidden Key and Soupstitution from EasyCTF IV. Souper Strong Primes Souper Strong Primes was a 200 point challenge from EasyCTF IV. It was not very complicated, but very long to solve compared to other tasks. Challenge description Technically I used strong primes. But are they really strong in this case? They are big, but there might still be an issue here. n.txt e.txt c.txt n.txt e.txt c.txt Strong primes Looking at n,...

Pixelly Writeup (EasyCTF IV)

Pixelly was a 220 point challenge in EasyCTF 2018. Although not very realistic, it was quite amusing and thus deserves a writeup in my opinion. Challenge description I've created a new ASCII art generator, and it works beautifully! But I'm worried that someone might have put a backdoor in it. Maybe you should check out the source for me... Service: http://c1.easyctf.com:12489/ Source: https://cdn.easyctf.com/184a3fed376b4aafbb34e54e1c77efba87efdbda978952271d033aad7fb54488_asciinator.py Service The service basically lets us upload a picture and see its ASCII art representation, as we could...

SkeletonKey, OldSchoolNewAge and Barnamak Writeups (SharifCTF 8)

Over the weekend of the 2nd of February, Inshall'hack participated in the 8th edition of SharifCTF and ended up in the 30th position. It was interesting to have some challenges on the Android platform and on Windows, which forced us to step out of our comfort zone and actually work on something different than standard Linux x86 binary challenges. Because the challenges were quite short, this article will contain the writeups for the SkeletonKey, OldSchoolNewAge and Barnamak challenges, in this order. SkeletonKey Challenge description Category...

Connecting Will Writeup (BreakIn CTF)

Challenge description Category: Misc Points: 500 Description: Will is lost in the Upside-Down and is stuck with the Demogorgon. El is looking for Will, when, she stumbles across a piece of code that Will wrote. The Demogorgon could not decipher the code and hence just left it lying around. El needs your help to find the 2 numbers that can get her the secret key which Will was trying to share. Can you help her? Link to submit:...

BearShare 1 & 2 Writeup (AceBear Security Contest 2018)

BearShare 1 and 2 were two 100 point challenges based on the same code in the AceBear Security Contest 2018. Although they have been flagged by quite a large number of teams, they were quite interesting and deserve a writeup. They will be solved in order, so if you're only interested in the solution of BearShare 2, you can easily skip the whole first part of the writeup. Challenge description BearShare Description: I have an

Hello fibonacci? Writeup (AceBear Security Contest 2018)

"Hello fibonacci?" was a 100 point programming challenge in the AceBear Security Contest 2018. While all in all not very complicated, I struggled a lot to solve it due to numerous insufficient approaches. These failed approaches as well as the one that worked will be presented below. Challenge description Description: Yesterday, my friend shows me some math sequence. And now, it's...

Smart-Y Writeup (Insomnihack Teaser 2018)

This challenge was the second most flagged Web challenge of the CTF. Description Last year, a nerd destroyed the system of Robot City by using some evident flaws. It seems that the system has changed and is not as evident to break now. http://smart-y.teaser.insomnihack.ch Recon The description evokes a previous challenge from Insomni'hack 2017. We therefore started by looking for the writeup of this challenge. At this point, it seems likely that the website uses the Smarty framework - which is confirmed...

VulnShop Writeup (Insomnihack Teaser 2018)

VulnShop was a web challenge in the Insomnihack 2018 teaser. It was solved by SIben, nodauf and Geluchat (khack40) for Inshall'hack. While it ended up being the most flagged challenge of the CTF (apart from the warmup, of course), it was an interesting lesson. Challenge description We're preparing a website for selling some important vulnerabilities in the future. You can browse some static pages on it, waiting for the official release. http://vulnshop.teaser.insomnihack.ch Source code The link leads...

Ecoin Writeup (34C3 CTF)

Challenge description ecoin - hard I think I'm getting crazy! I see things in things. Like this: PDF The PDF file : https://github.com/Inshallhack/Write-ups/raw/master/34C3-2017/ecoin/ecoin_vuln_notes.pdf First glance First, I opened the PDF and did not notice anything out of the ordinary. This PDF contains an advertisement for Ecoin (wink to Mr.Robot) as well as a blank page "[This page unintentionally left blank]". I then issued some basic forensics-related commands : pdfinfo ecoin_vuln_notes.pdf Syntax Error (1288034): Missing 'endstream' or incorrect stream...

Pizzagate Writeup (34C3 CTF)

Pizzagate was the hardest Web challenge in the 34C3 Junior CTF, which Inshall'hack unfortunately solved 10 minutes after the end of the CTF. Nevertheless, it was quite interesting and therefore deserves a writeup. Challenge description pizzagate - hard-ish We found this [pizza shop]. It seems to be under construction currently, but we believe

Ssi Writeup (WhiteHat Grand Prix CTF 2017)

Ssi was a 100 point Web challenge in the WhiteHat Grand Prix 2017, solved by Shrewk and myself (SIben). As the amount of points suggests, it was one of the easiest challenges of the CTF (points were usually from 100 to 500). Nevertheless, it took us quite a while to completely solve it. Challenge description Ssi Link: ssi.grandprix.whitehatvn.com Backup: bak.ssi.grandprix.whitehatvn.com Author - BkavTeam Color changes Upon clicking either of the links, we stumble upon the following page: When inputting...

SqlSRF Writeup (SECCON CTF 2017)

SqlSRF was a 400 point Web challenge in the quals of SECCON 2017. While not exceptionally hard, it required a diverse skillset and was thus quite interesting. Challenge description SqlSRF The root reply the flag to your mail address if you send a mail that subject is "give me flag" to root. http://sqlsrf.pwn.seccon.jp/sqlsrf/ The files Upon clicking the link provided in the description, we're presented with a list of four files: bg-header.jpg, index.cgi, index.cgi_backup20171129, and menu.cgi. I decided to look...
