knacky
36
Position
11825
Points
287
Challenges
10
Compromises
73%
App - Script
390 Points 16/22
- o Bash - System 1
- o sudo - weak configuration
- o Bash - System 2
- o Powershell - Command Injection
- o Bash - unquoted expression injection
- o Perl - Command injection
- x Powershell - SecureString
- o Bash - cron
- o Python - input()
- o Bash - quoted expression injection
- o Bash - race condition
- x Powershell - Basic jail
- o Python - pickle
- o Shared Objects hijacking
- x SSH - Agent Hijacking
- o Python - PyJail 1
- o PHP - Jail
- o Python - PyJail 2
- x Python - Jail - Exec
- x Javascript - Jail
- x Python - Jail - Garbage collector
- o Bash - Restricted shells
96%
App - System
5380 Points 72/75
- o ELF x86 - Stack buffer overflow basic 1
- o ELF x86 - Stack buffer overflow basic 2
- o PE32 - Stack buffer overflow basic
- o ELF x86 - Format string bug basic 1
- o ELF x64 - Stack buffer overflow - basic
- o ELF x86 - Format string bug basic 2
- o ELF x86 - Race condition
- o ELF ARM - Stack buffer overflow - basic
- o ELF MIPS - Stack buffer overflow - No NX
- o ELF x86 - Stack buffer overflow basic 3
- o ELF x86 - Use After Free - basic
- o ELF ARM - Stack Spraying
- o ELF x86 - BSS buffer overflow
- o ELF x86 - Stack buffer overflow basic 4
- o ELF x86 - Stack buffer overflow basic 6
- o ELF x86 - Format String Bug Basic 3
- o PE32 - Advanced stack buffer overflow
- o ELF ARM - Basic ROP
- o ELF MIPS - Basic ROP
- o ELF x86 - Stack buffer overflow - C++ vtables
- o PE32+ Format string bug
- o ELF x64 - Logic bug
- o ELF x86 - Bug Hunting - Several issues
- o ELF x86 - Stack buffer and integer overflow
- o ELF x86 - Stack buffer overflow - ret2dl_resolve
- o ELF x86 - Stack buffer overflow basic 5
- o ELF x64 - Stack buffer overflow - advanced
- o ELF MIPS - Format String Glitch
- o ELF x86 - Information leakage with Stack Smashing Protector
- o ELF ARM - Race condition
- o ELF x64 - Browser exploit - Intro
- o ELF x86 - Out of bounds attack - French Paradox
- o ELF x86 - Remote BSS buffer overflow
- o ELF x86 - Remote Format String bug
- o PE32+ Basic ROP
- o ELF x64 - Remote heap buffer overflow - fastbin
- o ELF x86 - Blind remote format string bug
- o LinKern ARM - vulnerable syscall
- o LinKern x86 - Buffer overflow basic 1
- o LinKern x86 - Null pointer dereference
- o LinKern x64 - Race condition
- o ELF ARM - Alphanumeric shellcode
- o ELF MIPS - URLEncoded Format String bug
- o ELF x86 - Hardened binary 1
- o ELF x86 - Hardened binary 2
- o ELF x86 - Hardened binary 3
- o ELF x86 - Hardened binary 4
- o LinKern MIPSel - Vulnerable ioctl
- o LinKern x64 - reentrant code
- o ELF ARM - Heap format string bug
- o ELF x64 - Sigreturn Oriented Programming
- o ELF ARM - Format String bug
- o ELF ARM - Use After Free
- o ELF x64 - Heap feng-shui
- o ELF x64 - Off-by-one bug
- o ELF x86 - Hardened binary 5
- o LinKern ARM - Stack Overflow
- o LinKern x86 - basic ROP
- o ELF ARM - Heap Off-by-One
- o ELF x64 - Remote Heap buffer overflow 1
- o ELF x86 - Hardened binary 6
- o ELF x86 - Hardened binary 7
- o ELF x86 - Remote stack buffer overflow - Hardened
- o LinKern x64 - RowHammer
- o LinKern x64 - SLUB off-by-one
- o ELF ARM - Heap buffer overflow - Wilderness
- o ELF ARM - Heap Overflow
- o ELF x64 - Seccomp Whitelist
- o ELF x86 - Blind ROP
- o Linkern x64 - Memory exploration
- x WinKern x64 - Advanced stack buffer overflow - ROP
- x WinKern x64 - Use After Free
- o ELF x64 - Remote Heap buffer overflow 2
- o ELF x64 - Blind ROP
- x ELF x64 - Browser exploit - BitString
97%
Cracking
1385 Points 37/38
- o ELF x86 - 0 protection
- o ELF x86 - Basic
- o PE x86 - 0 protection
- o ELF C++ - 0 protection
- o PE DotNet - 0 protection
- o ELF MIPS - Basic Crackme
- o ELF x64 - Golang basic
- o ELF x86 - Fake Instructions
- o ELF x86 - Ptrace
- o ELF ARM - Basic Crackme
- o ELF x64 - Basic KeygenMe
- o PYC - ByteCode
- o ELF x86 - No software breakpoints
- o MachO x64 - keygenme or not
- o ELF ARM - crackme 1337
- o ELF x86 - CrackPass
- o ELF x86 - ExploitMe
- o ELF x86 - Random Crackme
- o GB - Basic GameBoy crackme
- o PDF - Javascript
- o PE x86 - Xor Madness
- o ELF ARM - Crypted
- o ELF x64 - Crackme automating
- o PE x86 - SEHVEH
- o APK - Anti-debug
- o ELF x64 - Nanomites - Introduction
- o ELF x86 - Anti-debug
- o PE x86 - AutoPE
- o ELF x86 - KeygenMe
- o ELF x64 - KeyGenMe
- o ELF x64 - Anti-debug and equations
- o ELF x64 - Nanomites
- o ELF x86 - Packed
- o PE x86 - RunPE
- o ELF x86 - VM
- o ELF x64 - Hidden Control Flow
- o Ringgit
- x White-Box Cryptography #2
36%
Cryptanalysis
330 Points 18/50
- o Encoding - ASCII
- o Encoding - UU
- o Hash - Message Digest 5
- o Hash - SHA-2
- o Shift cipher
- o Pixel Madness
- o ELF64 - PID encryption
- o File - PKZIP
- o Monoalphabetic substitution - Caesar
- o Known plaintext - XOR
- o Code - Pseudo Random Number Generator
- x File - Insecure storage 1
- o Polyalphabetic substitution - Vigenère
- x System - Android lock pattern
- o Transposition - Rail Fence
- o AES - CBC - Bit-Flipping Attack
- x AES - ECB
- x LFSR - Known plaintext
- o RSA - Factorisation
- x RSA - Decipher Oracle
- x Service - Timing attack
- o Monoalphabetic substitution - Polybe
- x Twisted secret
- o Initialisation Vector
- x GEDEFU
- x RSA - Corrupted key 1
- x RSA - Continued fractions
- x RSA - Common modulus
- x Service - Hash length extension attack
- x AES - 4 Rounds
- x ECDSA - Introduction
- x RSA - Padding
- x RSA - Signature
- x AES128 - CTR
- x Discrete logarithm problem
- x RSA - Corrupted key 2
- x RSA - Corrupted key 3
- x RSA - Multiple recipients
- x AES - Fault attack #1
- x Enigma Machine
- x ECDHE
- x RSA - Lee cooper
- o Service - CBC Padding
- x Polyalphabetic substitution - One Time Pad
- x White-Box Cryptography
- x AES - Weaker variant
- x Hash - SHA-3
- x AES - Fault attack #2
- x AES-PMAC
- x ECDSA - Implementation error
44%
Forensics
315 Points 11/25
- o Command & Control - level 2
- o Logs analysis - web attack
- o Command & Control - level 5
- o Find the cat
- o Ugly Duckling
- x Active Directory - GPO
- o Command & Control - level 3
- o DNS exfiltration
- o Command & Control - level 4
- o Job interview
- o Homemade keylogger
- x macOS - Keychain
- o Malicious Word macro
- x Ransomware Android
- x Insomni’Droid
- x Multi-devices
- x Root My Droid
- x Rootkit - Cold case
- x Command & Control - level 6
- x Find me
- x Second job interview
- x Find me again
- x Find me back
- x Zeus Bot
- x Try again
71%
Programming
360 Points 12/17
- o IRC - Go back to college
- o IRC - Encoded string
- o IRC - The Roman’s wheel
- o IRC - Uncompress me
- x CAPTCHA me if you can
- x Ethereum - Tutoreum
- o Arithmetic progression
- o ELF x64 - Shellcoding - Sheep warmup
- x Ethereum - Takeover
- o ARM - Shellcoding - Egg hunter
- x Ethereum - NotSoPriv8
- o ELF x64 - Shellcoding - Polymorphism
- o Quick Response Code
- o WinKern x64 - shellcoding : token stealing
- x Ethereum - BadStack
- o ELF x64 - Sandbox shellcoding
- o ELF x86 - Shellcoding - Alphanumeric
41%
Realistic
695 Points 16/39
- o It happens, sometimes
- x P0wn3d
- o The h@ckers l4b
- o Neonazi inside
- x Well-known
- x Bash/Awk - netstat parsing
- o PyRat Auction
- o Root them
- o IPBX - call me maybe
- o Marabout
- o Root-We
- o Starbug Bounty
- o Ultra Upload
- x Bash - System Disaster
- o Imagick
- o MALab
- o Web TV
- x SamBox v2
- o SamCMS
- o BBQ Factory - First Flirt
- o Django unchained
- x BBQ Factory - Back To The Grill
- x In Your Kubernetass
- x SamBox v1
- x SAP Pentest 007
- x Crypto Secure
- x Bozobe Hospital
- x Red Pills
- x SamBox v3
- x ARM FTP Box
- x SAP Pentest 000
- x Bluebox 2 - Pentest
- x Bluebox - Pentest
- x Highway to shell
- x SamBox v4
32%
Network
95 Points 8/25
- o FTP - authentication
- o TELNET - authentication
- o ETHERNET - frame
- o Twitter authentication
- o Bluetooth - Unknown file
- x CISCO - password
- o DNS - zone transfert
- o IP - Time To Live
- o LDAP - null bind
- x POP - APOP
- x SIP - authentication
- x ETHERNET - Patched transmission
- x Global System Traffic for Mobile communication
- x HTTP - DNS Rebinding
- x SSL - HTTP exchange
- x Netfilter - common mistakes
- x SNMP - Authentification
- x Wired Equivalent Privacy
- x ICMP payload
- x XMPP - authentication
55%
Steganography
165 Points 11/20
- o Gunnm
- o Squared
- o Dot and next line
- o Steganomobile
- x Twitter Secret Messages
- o Some noise
- o George and Alfred
- x Poem from Space
- o Yellow dots
- o Audio stegano
- o We need to go deeper
- o Base Jumper
- o Hide and seek
- x PDF Object
- x Angecryption
- x Kitty spy
- x LSB - Uncle Scrooge
- x Pixel Indicator Technique
- x Pixel Value Differencing
- x Crypt-art
96%
Web - Client
810 Points 23/24
- o HTML - disabled buttons
- o Javascript - Authentication
- o Javascript - Source
- o Javascript - Authentication 2
- o Javascript - Obfuscation 1
- o Javascript - Obfuscation 2
- o Javascript - Native code
- o Javascript - Webpack
- o Javascript - Obfuscation 3
- o XSS - Stored 1
- o CSP Bypass - Inline code
- o CSRF - 0 protection
- o Flash - Authentication
- o CSP Bypass - Dangling markup
- o CSP Bypass - JSONP
- o CSRF - token bypass
- o XSS - Reflected
- o CSP Bypass - Dangling markup 2
- o Javascript - Obfuscation 4
- o XSS - Stored 2
- o HTTP Response Splitting
- x Javascript - Obfuscation 5
- o XSS - Stored - filter bypass
- o XSS - DOM Based
94%
Web - Server
1900 Points 63/67
- o HTML - Source code
- o HTTP - Open redirect
- o HTTP - User-agent
- o Weak password
- o PHP - Command injection
- o Backup file
- o HTTP - Directory indexing
- o HTTP - Headers
- o HTTP - POST
- o HTTP - Improper redirect
- o HTTP - Verb tampering
- o Install files
- o CRLF
- o File upload - Double extensions
- o File upload - MIME type
- o HTTP - Cookies
- o Insecure Code Management
- o JSON Web Token (JWT) - Introduction
- o Directory traversal
- o File upload - Null byte
- o JSON Web Token (JWT) - Weak secret
- o JWT - Revoked token
- o PHP - assert()
- o PHP - Filters
- o PHP - register globals
- o PHP - Remote Xdebug
- o File upload - ZIP
- o Command injection - Filter bypass
- o Java - Server-side Template Injection
- x JSON Web Token (JWT) - Public key
- o Local File Inclusion
- o Local File Inclusion - Double encoding
- o PHP - Loose Comparison
- o PHP - preg_replace()
- o PHP - type juggling
- o Remote File Inclusion
- o SQL injection - Authentication
- o SQL injection - Authentication - GBK
- o SQL injection - String
- o XSLT - Code execution
- o LDAP injection - Authentication
- o NoSQL injection - Authentication
- o PHP - Path Truncation
- o PHP - Serialization
- o SQL injection - Numeric
- o SQL Injection - Routed
- x SQL Truncation
- o XML External Entity
- o XPath injection - Authentication
- o GraphQL
- o Java - Spring Boot
- o Local File Inclusion - Wrappers
- o PHP - Eval
- o PHP - Unserialize overflow
- o SQL injection - Error
- o SQL injection - Insert
- o SQL injection - File reading
- o XPath injection - String
- o NoSQL injection - Blind
- o SQL injection - Time based
- o Server Side Request Forgery
- o SQL injection - Blind
- o LDAP injection - Blind
- o XPath injection - Blind
- o SQL injection - Filter bypass