SQLi 1 Here, we are tasked to perform SQL injections. An IPS is configured, this means that we can’t use tools like SQLMap because we would be blocked. We can see, that we are facing a login pag...

MegaUpload 1 - Bypass upload filter For this challenge, we have a website where we can upload files. But the upload is limited to image files (.jpg) and text files (.txt), other files return an...

LFI 1 In this challenge, we are tasked to perform LFI on the given website. The LFI vulnerability often appear in the GET parameter directly in the URL. Here we can notice the ?page=accueil.php ...

Attention au swap In this challenge, we are asked to demonstrate some kind of vulnerability regarding the text editor vim. The name of the challenge gives us a hint on where to look for (swap). ...

Find You’re Path Here we are given username and password for the user bob. We can ssh into the machine as follows: As you can see, when we perform sudo -l we see that we can run the vim comman...

Réseau FTP In this challenge, we have a pcap file and we are tasked to retrieve bob’s password. We need to find its FTP password so lets filter by this protocol: We can see a Login successful...

Réaliste Le monitoring est important In this challenge, we are tasked to become root of the machine. First we go to the login page and can log-in with the credentials admin:admin (before that ot...

Forensic Bitlocker 1 In this challenge, we are given a disk.raw image that contains partition of a windows machine that has been ciphered using bitlocker. We can use the tool bitlocker2john to ...

Authority This Medium machine took me a several days if not a week to complete. I hope you will enjoy this write-up as much as I enjoyed rooting this machine :) Enumeration As always, a good n...

Side Quest - Day 4 In this challenge, we need to become root, so let’s start with the enumeration phase. Enumeration As we can see, we only have two open ports: We go see the website and no...