App - Script

These challenges will help you to understand scripting vulnerabilities related to weak environment or configuration and development mistakes in some languages.

You will have credentials for each challenge. The goal is to leverage your privileges by exploiting some environment vulnerabilities (incorrect permissions on files, weak encryption, ...) and some development mistakes. This will allow you to get a password in order to validate your skills on the platform.

Prerequisite :
- Knowledges in UNIX shell environment and programming languages like Python and Perl.
- Knowledges in binary files manipulation tools.
- Knowledges in C language.

Challenges associated with this section 12 Challenges

Results Challenge's Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution
pas_valide ELF32 - System 1 15% 6386 5 Lu33Y 6
pas_valide sudo - weak configuration 9% 3831 5 notfound 2
pas_valide ELF32 - System 2 11% 4428 10 Lu33Y 8
pas_valide Perl - Command injection 4% 1636 15 Tosh 3
pas_valide Bash - cron 6% 2217 20 g0uZ 6
pas_valide Python - input() 7% 2614 20 g0uZ 8
pas_valide Python - pickle 3% 1135 25 koma 5
pas_valide Python - PyJail 1 2% 810 35 sambecks 1
pas_valide Python - PyJail 2 2% 474 40 zM 5
pas_valide Python - Pyjail 3 1% 334 50 Arod 1
pas_valide Javascript - Jail 1% 35 55 waxous 0
pas_valide Restricted shells 1% 43 70 Yorin 0

Challenge Results Challenge Results

Pseudo Challenge Lang date
Saad Houcem Eddine   Python - input() fr 20 January 2017 at 03:55
Saad Houcem Eddine   ELF32 - System 1 en 20 January 2017 at 03:24
GH0st3rs   Python - PyJail 1 en 20 January 2017 at 00:38
BernschB   Bash - cron en 20 January 2017 at 00:35
Anis_Boss   Restricted shells en 19 January 2017 at 22:29
Antoine   ELF32 - System 1 fr 19 January 2017 at 20:51
Pridwen   Python - input() fr 19 January 2017 at 20:30
jcksn   Python - PyJail 2 en 19 January 2017 at 20:03
jcksn   Python - PyJail 1 en 19 January 2017 at 19:10
whz   Python - PyJail 2 fr 19 January 2017 at 18:58