App - Script

These challenges will help you understand scripting vulnerabilities that stem from a weak environment or configuration and from development mistakes in some languages.

You will have credentials for each challenge. The goal is to leverage your privileges by exploiting environment vulnerabilities (incorrect permissions on files, weak encryption, ...) and development mistakes. This will allow you to get a password in order to validate your skills on the platform.

Prerequisites:
- Knowledge of the UNIX shell environment and of programming languages like Python and Perl.
- Knowledge of binary file manipulation tools.
- Knowledge of the C language.

Challenges associated with this section: 12 challenges

| Results | Challenge's Name | Validations | Number of points | Author | Solution |
|---|---|---|---|---|---|
| Not validated | Bash - System 1 | 15% 7273 | 5 | Lu33Y | 6 |
| Not validated | sudo - weak configuration | 10% 4521 | 5 | notfound | 1 |
| Not validated | Bash - System 2 | 10% 4926 | 10 | Lu33Y | 8 |
| Not validated | Perl - Command injection | 4% 1942 | 15 | Tosh | 3 |
| Not validated | Bash - cron | 5% 2456 | 20 | g0uZ | 6 |
| Not validated | Python - input() | 7% 2990 | 20 | g0uZ | 8 |
| Not validated | Python - pickle | 3% 1191 | 25 | koma | 5 |
| Not validated | Python - PyJail 1 | 3% 1017 | 35 | sambecks | 1 |
| Not validated | Python - PyJail 2 | 2% 560 | 40 | zM | 5 |
| Not validated | Python - Pyjail 3 | 1% 376 | 50 | Arod | 1 |
| Not validated | Javascript - Jail | 1% 52 | 55 | waxous | 0 |
| Not validated | Restricted shells | 1% 165 | 70 | Yorin | 1 |

Challenge Results

| Username | Challenge | Lang | Date |
|---|---|---|---|
| euskanibal | sudo - weak configuration | fr | 29 March 2017 at 12:49 |
| Swagger | Bash - System 1 | en | 29 March 2017 at 12:46 |
| Loizelet | sudo - weak configuration | fr | 29 March 2017 at 12:45 |
| seska | Bash - System 1 | en | 29 March 2017 at 12:43 |
| Hector | sudo - weak configuration | fr | 29 March 2017 at 12:43 |
| rfslf | Python - input() | en | 29 March 2017 at 12:34 |
| Migzer | Bash - System 1 | en | 29 March 2017 at 12:30 |
| vamsi | Bash - System 1 | en | 29 March 2017 at 11:59 |
| Migzer | sudo - weak configuration | en | 29 March 2017 at 11:43 |
| shynoss | Perl - Command injection | fr | 29 March 2017 at 11:11 |