It's fall again, and like every year, many CTF are happening in those few months.
Earlier this week I participated in the hack.lu CTF. A CTF organized by the FluxFingers team as a part
of the hack.lu conference in luxembourg. It was a pretty cool CTF with interesting challenges to solve.
I'm not going to do any writeup since there was really nothing interesting to say about the challenges I worked on.
You can always find writeups on the web if you're interested. There are a few on shell-storm.org.
I also participated in the ...
This writeup will cover a 300points web mission we solved during PlaidCTF 2011.
We had access to a simple guestbook with a form. We tried to trigger a bug unsuccessfully.
At first, we thought the vulnerability might be a flaw in csrf handling because of the advisory published last february.
The app was reacting strangely to the csrf cookie, (re)setting it multiple times, but then the organizers removed the csrf check altogether.
We were stuck at this point until a hint was given: django settings file contained a reference to a memcached server. We hadn't tried to ...
J'étais au Hackito Ergo Sum 2011 le week end dernier. Je n'avais pas eu l'opportunité d'écrire
d'article sur la précédente édition de cette conférence car mon blog était plus ou moins mort/fermé
donc je vais me rattraper en vous parlant du contenu de cette année.
Le niveau des talks était très bon et l'ambiance plus "cosmopolite" que certaines autres confs françaises.
Le programme est disponible par là. Tous les talks avaient l'air intéressants, même si j'en
ai manqué certains, notamment celui sur le DWARF, après être parti me mesurer au ...
Yet another writeup for the Padocon 2011.
This time, i'm gonna talk about karma200, a level that we did not validate during the CTF, but i was curious to see how i could exploit it, so i worked on it with Mysterie, kutio, teach and others these last few days.
Like for karma100, we had ssh credentials to a linux box and found a setuid binary called attackme in the home directory. Here is the source code:
int main(int argc,char **argv)
if(argc != 2 ...
This is another writeup for the Padocon 2011 CTF. This time, i'm gonna talk about a wargame-style binary exploitation level, karma 100.
This one was not that difficult to exploit, in fact it took us only a couple of hours to obtain reliable code execution, but we were unable to find the flag until much later.
We were given ssh credentials and once logged in, we had a binary suid boom100 in our home directory with the source code.
/* hi, guys! */
/* This is just warm up :) */
int main( int argc, char *argv ...