App - Script

These challenges will help you to understand scripting vulnerabilities related to weak environment or configuration and development mistakes in some languages.

You will have credentials for each challenge. The goal is to leverage your privileges by exploiting some environment vulnerabilities (incorrect permissions on files, weak encryption, ...) and some development mistakes. This will allow you to get a password in order to validate your skills on the platform.

Prerequisite :
- Knowledges in UNIX shell environment and programming languages like Python and Perl.
- Knowledges in binary files manipulation tools.
- Knowledges in C language.

Challenges associated with this section 12 Challenges

Results Challenge's Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution
pas_valide Bash - System 1 16% 8789 5 Lu33Y 10
pas_valide sudo - weak configuration 10% 5638 5 notfound 3
pas_valide Bash - System 2 10% 5792 10 Lu33Y 11
pas_valide Perl - Command injection 5% 2514 15 Tosh 7
pas_valide Bash - cron 6% 2956 20 g0uZ 10
pas_valide Python - input() 7% 3636 20 g0uZ 11
pas_valide Python - pickle 3% 1324 25 koma 5
pas_valide Python - PyJail 1 3% 1348 35 sambecks 3
pas_valide Python - PyJail 2 2% 729 40 zM 11
pas_valide Python - Pyjail 3 1% 426 50 Arod 4
pas_valide Javascript - Jail 1% 72 55 waxous 3
pas_valide Restricted shells 1% 317 70 Yorin 11

Challenge Results Challenge Results

Pseudo Challenge Lang date
dextero   Python - PyJail 1 en 26 July 2017 at 00:30
y0no   Python - PyJail 1 fr 26 July 2017 at 00:19
setanta   Shells restreints fr 25 July 2017 at 23:22
dextero   Python - pickle en 25 July 2017 at 23:22
mucomplex   Bash - System 1 en 25 July 2017 at 23:13
Seraph   Python - input() en 25 July 2017 at 23:04
Gregoire charly   Python - input() en 25 July 2017 at 22:52
Syrion   Python - pickle en 25 July 2017 at 22:52
Gregoire charly   Bash - cron en 25 July 2017 at 22:37
dzonerzy   Python - pickle en 25 July 2017 at 22:34