23/Dec 2019
11 min. read
Survive all was a challenge proposed during the Santhacklaus CTF 2019. It was one of the hardest challenge of the competiton. Only one objective : obtain a root access.
Step 1 : Perimeter discovery 1.1. Services We started this challenge with a classical services recon.
PORT STATE SERVICE VERSION 22/tcp closed ssh 80/tcp open http Apache httpd 2.4.38 | http-methods: |\_ Supported Methods: HEAD |\_http-title: Survive All The best survival tech guide Service Info: Host: 172.
14/Apr 2019
14 min. read
The ZedCorp challenge alias “My name is Rookie” was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup who work in computer science and particulary in development. The goal was to recover confidential files owned by the CEO.
For this recap, I want to do some analyses on my challenge to know how challengers proceed to solve it. There is some fun facts :D You can read writeups here to understand the context :
6/Apr 2019
16 min. read
The ZedCorp challenge alias “My name is Rookie” was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup who work in computer science and particulary in development. The goal was to recover confidential files owned by the CEO.
For this challenge, I wanted to teach challengers the principle of SSH tunneling and basics of penetration testing.
Writeups wrote by others challengers (too many writeups you are mad <3) :
30/Dec 2018
12 min. read
Netrunner is the second biggest challenge of the Santhacklaus 2018 CTF. The challenge is not really hard, but could be particulary annoying if you don’t know what to do. You need to have some skills in pentest web and medium skills in Linux system.
The challenge is divided in 3 steps. Each step has its own validation password (flag). So let’s begin with the first step !
1st step - You have a mission !
25/Dec 2018
23 min. read
ArchDrive is the biggest challenge of the Santhacklaus 2018 CTF and my favorite one. It’s divided in 5 steps of increasing difficulty. The challenge is not really hard, but particularly long and time-consuming. You need to have some strong skills in web pentesting, some basic skills in forensic and medium skills in Linux system.
So, as you can see, the 5 steps have their own validation password (flag). Let’s start the challenge !