Topology - zer0pts 2023

Introduction This challenge is a reversing challenge from zer0pts 2023, that I played with The Flat Network Society. We ranked 12th on this CTF which is not bad ! Here is the task: Initial Analysis In this challenge, we have a x86_binary. According to the task statement, it is a…

UPX2000 - Root-Me CTF

Introduction The Root-Me CTF took place on october 21st-23th. At this occasion I released a challenge named UPX2000. Here is its writeup. Reverse Engineering of the binary This write up will be divided in two steps. First the reverse engineering of the binary and then the solving of the challenge.…

Locked - 4/4 - InterIUT2022

Introduction I attended the CTF InterIUT, where I placed 2nd with my team. Here is a write up of the last Forensic challenge (which in fact was a reversing challenge), which I've been the only one to solve. At the beginning, the executable wasn't present in the initial statement, but…

Rhopla - InterIUT2022

Initial Statement The goal of this challenge is simple. Gain an access over the server using a vulnerability in the software. Although this is a quite typical exploitation, there was only two solves on this challenge. Analysis First thing to do with this kind of challenge is execute the file…

Avatar Generator - FCSC 2022

Initial Statement Not much information on what we have to do, let's inspect the application. Introduction Here is how the application looks. Basically we can see a seed, and two colours. We can generate a new avatar and share it on twitter. We can also see we can contact the…

MC Players - FCSC 2022

Initial Statement We have a web server using the MC Status library and we have the source code of the application. Introduction First thing to do with that kind of web challenge is read the source code to better understand the technologies and spot the vulnerabilities. Source code analysis Here…

TV23 - MidnightFlag

Énoncé TV23 - 500 points Auteur: SpawnZii Solution Note: J'ai rejoué ce chall en local après le CTF pour écrire le Write Up Merci à Spawnzii pour les sources ! En arrivant sur le challenge, on ne voit qu'une page de configuration par défaut apache. On check évidemment les fichiers classiques,…