(EDIT 2019/07/12: added an alternative solution from the author of the challenge) (Note: writeup brought to you by Casimir/SIben and Mathis) protation was a 200-point challenge at the ECSC Qualifier, worth 600 points once given first blood + presentation points. On the side of LeHack, it was valued …
Read MoreEn 2019, la DGSE (Direction Générale de la Sécurité Extérieure) a créé un challenge de cybersécurité à résoudre en 3 semaines. Le challenge contenait plusieurs épreuves de web, stéganographie, cryptographie, programmation, reverse-engineering, pwn et système (escalade de privilèges). Dates : 21/05/2019 – 14/06/2019 Lien : https://www.challengecybersec.fr …
Read MoreRScA was one of the four misc challenges of the pre-qualifier, and one of the least solved challenges of the competition. Cryptography-wise, it was by far not the hardest challenge of the CTF, but it involved extracting traffic from two sigrok captures, which is quite uncommon in a challenge I …
Read MoreBitshift was the only cryptography challenge of the qualifier (among 8) and one of the least solved of the competition. I personally believe it was the most interesting one, and featured a technique that I never really got to work with before. There are better solutions than the one I …
Read MoreDrinks was the only cryptography challenge of Insomni'hack Teaser 2019 and ended up being solved by over 30 teams. Despite this apparent "easiness", it featured a clever side-channel attack I never had the chance to try out before. Challenge description Use this API to gift drink vouchers to yourself or …
Read MoreDescription du challenge Il s'agit du chall donnant le plus de points sur ce CTF (800 pts). C'est un chall de forensics classique, basé sur l'analyse d'un memory dump. Pour commencer, il nous est donné un zip : $ unzip -l MI1_fix01.zip Archive: MI1_fix01.zip Length Date Time Name --------- ---------- ----- ---- 1094804832 2018 …
Read MoreNote : n'étant plus en mesure d'accéder à l'épreuve, je vais expliquer de mémoire certains outputs – train Debug en production a été développé avec le framework Flask. Étant un adepte de Flask et connaissant parfaitement cette techno je me suis mis sur l'épreuve après avoir jeté un coup d’œil sur …
Read More"Tree of life" was a 300-point challenge at Nuit du Hack 2018, that I flagged with Geluchat. It was quite original, and thus quite fun to solve. This writeup comes quite late as I needed to access the challenge website again to write something proper; thanks a lot sybix for …
Read More"On a pas les bases" was a 50-point Steganography challenge at Nuit Du Hack 2018. Challenge description Because we can't access the platform anymore, this challenge shall remain without description for now. We are provided with the following picture: Analysis We start by running exiftool on the file: ~$ exiftool OREILLES_SALES …
Read More"Very personal portefolio" (yup, portefolio was written like that) was a 100-point Web challenge at Nuit Du Hack 2018. Challenge description Because we can't access the platform anymore, this challenge shall remain without description for now. Note: this writeup will most likely be updated with more details once the platform …
Read MoreDoors of Durin was a 200-point Misc challenge at Nuit Du Hack 2018. It was quite original, because the code was running on a literal black box with a screen on the desk of the organizers. Since it was an original challenge, let's make an original writeup! Challenge description Alas …
Read MoreFleet was a 300-point Stegano challenge at Nuit Du Hack 2018. Although its level was marked as "Easy", we (jeanmi151 and SIben) got first blood on it near the end of the CTF, and no one else managed to flag it. Challenge description Level: "Easy" "You are in your favorite …
Read Morendash was a 250-point Crypto challenge at Nuit Du Hack 2018. I was very surprised to see it has only been solved 8 times, since it was probably the easiest challenge I encountered (disregarding icmp). I believe we missed getting first blood by not opening the challenge quickly enough :). From …
Read Moreperdu was a 100-point forensics challenge at Nuit Du Hack 2018. I personally didn't beat it in time, mainly due to a lack of sleep, a high consumption of beer and the fact that socializing is much more amusing than flagging. Although someone else from our team ended up flagging …
Read MoreGoCrackMe was a 400-point challenge at Nuit Du Hack 2018 on which we got first blood quite early in the CTF. Challenge description Because we can't access the platform anymore, this challenge shall remain without description for now. We are provided with a binary file. Write-up As the name of …
Read MoreThis challenge was a 50-point challenge and was the easiest one of the whole CTF. It was created by our beloved WorldCitizen. Challenge description Because we can't access the platform anymore, this challenge shall remain without description for now. We are provided with a file named analysis.pcap. Analyzing the …
Read MoreNice Code was a Web challenge at the ASIS quals 2018. It was solved about 30 times, but contained a few nice tricks that are worth mentioning. Challenge description Beautify php code! Here (http://167.99.36.112:8080/) Discovery and baby steps We arrive on a page with a …
Read MoreWawacoin was a 400-point Crypto/Web challenge at Nuit Du Hack Quals 2018. As is not the first time, we ended up flagging this challenge about 10 minutes after the end of the CTF. Nevertheless, here it goes! Challenge description Wawacoin: 400 pts / Web-Crypto Description Sell your house, buy …
Read MoreGuessflag was a warmup pwn at Insomni'hack 2018. It was a fairly easy challenge, but we struggled a lot on small details. The challenge We were given ssh access to a remote server, and the challenge was in /home/flag there. There we could find a shared lib (dowin.so …
Read Moregmx was a 160 point cryptography challenge in Ångstrom CTF 2018. I thought it was very interesting, especially because it used an actual cryptosystem I had no knowledge of, and surprisingly validated by less than 30 teams among the almost 2000 that were participating. Challenge description defund created a nonconformist …
Read MoreThis article contains writeups for Souper Strong Primes, Hidden Key and Soupstitution from EasyCTF IV. Souper Strong Primes Souper Strong Primes was a 200 point challenge from EasyCTF IV. It was not very complicated, but very long to solve compared to other tasks. Challenge description Technically I used strong primes …
Read MorePixelly was a 220 point challenge in EasyCTF 2018. Although not very realistic, it was quite amusing and thus deserves a writeup in my opinion. Challenge description I've created a new ASCII art generator, and it works beautifully! But I'm worried that someone might have put a backdoor …
Read MoreOver the weekend of the 2nd of February, Inshall'hack participated in the 8th edition of SharifCTF ended up in the 30th position. It was interesting to have some challenges on the Android platform and on Windows, which forced us to step out of our comfort zone and actually work on …
Read MoreChallenge description Catégorie: Misc Points: 500 Description: Will is lost in the Upside-Down and is stuck with the Demogorgon. El is looking for Will, when, she stumbles across a piece of code that Will wrote. The Demogorgon could not decipher the code and hence just left it lying around. El …
Read MoreBearShare 1 and 2 were two 100 point challenges based on the same code in the AceBear Security Contest 2018. Although they have been flagged by quite a large number of teams, they were quite interesting and deserve a writeup. They will be solved in order, so if you're only …
Read More"Hello fibonacci?" was a 100 point programming challenge in the AceBear Security Contest 2018. While all in all not very complicated, I struggled a lot to solve it due to numerous insufficient approaches. These failed approaches as well as the one that worked will be presented below. Challenge description Description …
Read MoreThis challenge was the second most flagged Web challenge of the CTF. Description Last year, a nerd destroyed the system of Robot City by using some evident flaws. It seems that the system has changed and is not as evident to break now. http://smart-y.teaser.insomnihack.ch Recon The …
Read MoreVulnShop was a web challenge in the Insomnihack 2018 teaser. It was solved by SIben, nodauf and Geluchat (khack40) for Inshall'hack. While it ended up being the most flagged challenge of the CTF (apart from the warmup, of course), it was an interesting lesson. Challenge description We're preparing a …
Read MoreChallenge description ecoin - hard I think I'm getting crazy! I see things in things. Like this: PDF The PDF file : https://github.com/Inshallhack/Write-ups/raw/master/34C3-2017/ecoin/ecoin_vuln_notes.pdf First glance First, I opened the PDF and did not notice anything out of the ordinary. This PDF contains …
Read MorePizzagate was the hardest Web challenge in the 34C3 Junior CTF, which Inshall'hack unfortunately solved 10 minutes after the end of the CTF. Nevertheless, it was quite interesting and therefore deserves a writeup. Challenge description pizzagate - hard-ish We found this [pizza shop]. It seems to be under construction currently …
Read MoreSsi was a 100 point Web challenge in the WhiteHat Grand Prix 2017, solved by Shrewk and myself (SIben). As the amount of points suggests, it was one of the easiest challenges of the CTF (points were usually from 100 to 500). Nevertheless, it took us quite a while to …
Read MoreSqlSRF was a 400 point Web challenge in the quals of SECCON 2017. While not exceptionally hard, it required a diverse skillset and was thus quite interesting. Challenge description SqlSRF The root reply the flag to your mail address if you send a mail that subject is "give me flag …
Read More