App - Script

These challenges will help you to understand scripting vulnerabilities related to weak environment or configuration and development mistakes in some languages.

You will have credentials for each challenge. The goal is to leverage your privileges by exploiting some environment vulnerabilities (incorrect permissions on files, weak encryption, ...) and some development mistakes. This will allow you to get a password in order to validate your skills on the platform.

Prerequisite :
- Knowledges in UNIX shell environment and programming languages like Python and Perl.
- Knowledges in binary files manipulation tools.
- Knowledges in C language.

Challenges associated with this section 11 Challenges

Results Challenge's Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution
pas_valide ELF32 - System 1 15% 6006 5 Lu33Y 6
pas_valide sudo - weak configuration 9% 3556 5 notfound 2
pas_valide ELF32 - System 2 11% 4187 10 Lu33Y 8
pas_valide Perl - Command injection 4% 1515 15 Tosh 2
pas_valide Bash - cron 6% 2090 20 g0uZ 6
pas_valide Python - input() 7% 2430 20 g0uZ 8
pas_valide Python - pickle 3% 1105 25 koma 5
pas_valide Python - PyJail 1 2% 732 35 sambecks 1
pas_valide Python - PyJail 2 2% 430 40 zM 5
pas_valide Python - Pyjail 3 1% 316 50 Arod 1
pas_valide Javascript - Jail 1% 10 55 waxous 0

Challenge Results Challenge Results

Pseudo Challenge Lang date
Bmantra   sudo - faiblesse de configuration fr 10 December 2016 at 23:15
geceo   Python - PyJail 1 fr 10 December 2016 at 22:55
Bmantra   ELF32 - System 1 fr 10 December 2016 at 22:44
Wellan   sudo - faiblesse de configuration fr 10 December 2016 at 21:54
Wellan   ELF32 - System 2 fr 10 December 2016 at 21:46
joseph   Python - PyJail 2 fr 10 December 2016 at 21:40
meg75   Python - PyJail 1 fr 10 December 2016 at 21:21
maesrin   Perl - Command injection en 10 December 2016 at 21:08
Wellan   ELF32 - System 1 fr 10 December 2016 at 21:03
Ismail   sudo - faiblesse de configuration fr 10 December 2016 at 20:50