Zipper In this challenge, we have access to this zip. First I tried to unzip it and we find a PDF with two images talking about the zip format. I tried to run binwalk on them with no luck. But a...
CTFs | HeroCTF_2024 | Steganographie | Subliminal2
Subliminal#2 Here we are given a video with a square that appears on each frame. We need to recover every square, reassemble them into one image and save it to get the flag. I used the following...
CTFs | HeroCTF_2024 | Reverse | AutoInfector
AutoInfector When we get to this website we have a button to download a file. If we look at the JS that deals with the action of the button, we get the following code: Here is a clearer versi...
CTFs | HeroCTF_2024 | Misc | Moo
Moo In this challenge, we need to escape the restricted shell we are in. First we can try some commands to see what is working and what is not: So as we can see, a lot of commands are restri...
CTFs | HeroCTF_2024 | Misc | LazySysAdmin1
LazySysAdmin #1 In this challenge we just have access to a web page and need to find the malicious code. When we access a post, we get a page with a bunch of text and if we look in the source co...
CTFs | HeroCTF_2024 | Misc | Einstein
Einstein So in this challenge, we connect to an SSH server and we list the files: In the learn.c file we see the following code where the cat binary is called as is but not like /bin/cat: ...
CTFs | HeroCTF_2024 | Forensique | Transformers
Transformers #1 In this challenge, we are given an .iso file. We need to find the file extension of the malicious program and its sha256. To be able to read it easily, I’ve put this .iso in a wi...
CTFs | HeroCTF_2024 | Forensique | Tenant trouble
Tenant trouble In this chall, we are given a .csv file that looks like this: We can use the following bash command to list the number of connection of each user: As we can see, the user mi...
CTFs | HeroCTF_2024 | Forensique | LazySysAdmin2
LazySysAdmin #2 In this challenge, we are given an .iso file. We can mount it on our machine and see the root folder of a Linux machine: First I tried to look inside the rr_moved folder but t...
CTFs | 404CTF_2024 | Web | Vous etes en RETARD
Vous êtes en RETARD In this challenge we are just given an URL and we need to exploit this web site: Nothing interesting… Because we can’t fuzz with gobuster, let’s try looking in the source c...