sourcePerrier
App - Script
445 Points 14/14
- x Bash - System 1
- x sudo - weak configuration
- x Bash - System 2
- x Perl - Command injection
- x Bash - cron
- x Python - input()
- x Python - pickle
- x Python - PyJail 1
- x Bash/Awk - parsing netstat
- x Python - PyJail 2
- x Python - Jail - Exec
- x Javascript - Jail
- x Python - Jail - Garbage collector
- x Restricted shells
100%
App - System
1470 Points 29/58
- x ELF x86 - Stack buffer overflow basic 1
- x ELF x86 - Stack buffer overflow basic 2
- x ELF x86 - Format string bug basic 1
- x ELF x64 - Stack buffer overflow - basic
- x ELF x86 - Format string bug basic 2
- x ELF x86 - Race condition
- x ELF ARM - Stack buffer overflow - basic
- x ELF x86 - Stack buffer overflow basic 3
- x ELF ARM - Stack Spraying
- x ELF x86 - BSS buffer overflow
- x ELF x86 - Stack buffer overflow basic 4
- x ELF x86 - Stack buffer overflow basic 6
- x ELF x86 - Format String Bug Basic 3
- x ELF ARM - Basic ROP
- x ELF x86 - Stack buffer overflow - C++ vtables
- o ELF x64 - Logic bug
- o ELF x86 - Bug Hunting - Several issues
- x ELF x86 - Stack buffer and integer overflow
- x ELF x86 - Stack buffer overflow basic 5
- x ELF x64 - Stack buffer overflow - advanced
- x ELF x86 - Information leakage with Stack Smashing Protector
- o ELF ARM - Race condition
- o ELF x86 - Out of bounds attack - French Paradox
- x ELF x86 - Remote BSS buffer overflow
- x ELF x86 - Remote Format String bug
- x ELF x64 - Remote heap buffer overflow - fastbin
- x ELF x86 - Blind remote format string bug
- o LinKern ARM - vulnerable syscall
- x LinKern x86 - Buffer overflow basic 1
- x LinKern x86 - Null pointer dereference
- x LinKern x64 - Race condition
- o ELF ARM - Alphanumeric shellcode
- x ELF x86 - Hardened binary 1
- x ELF x86 - Hardened binary 2
- x ELF x86 - Hardened binary 3
- o ELF x86 - Hardened binary 4
- o LinKern x64 - reentrant code
- o ELF ARM - Heap format string bug
- o ELF x64 - Sigreturn Oriented Programming
- o LinKern x86 - basic ROP
- o ELF ARM - Format String bug
- o ELF ARM - Use After Free
- o ELF x64 - Heap feng-shui
- o ELF x64 - Off-by-one bug
- o ELF x86 - Hardened binary 5
- o LinKern ARM - Stack Overflow
- o ELF ARM - Heap Off-by-One
- o ELF x64 - Remote Heap buffer overflow 1
- o ELF x86 - Hardened binary 6
- o ELF x86 - Hardened binary 7
- o ELF x86 - Remote stack buffer overflow - Hardened
- o ELF ARM - Heap buffer overflow - Wilderness
- o ELF ARM - Heap Overflow
- o ELF x64 - Seccomp Whitelist
- o ELF x86 - Blind ROP
- o LinKern x64 - Memory exploration
- o ELF x64 - Remote Heap buffer overflow 2
- o ELF x64 - Blind ROP
50%
Cracking
995 Points 28/28
- x ELF - 0 protection
- x ELF - x86 Basic
- x PE - 0 protection
- x ELF C++ - 0 protection
- x PE DotNet - 0 protection
- x ELF - Fake Instructions
- x ELF - Ptrace
- x ELF ARM - basic crackme
- x PYC - ByteCode
- x ELF - No software breakpoints
- x MachO x64 - keygenme or not
- x ELF - CrackPass
- x ELF - ExploitMe
- x ELF - Random Crackme
- x ELF ARM - crackme 1337
- x PDF - Javascript
- x ELF ARM - Crypted
- x PE - SEHVEH
- x APK - Anti-debug
- x ELF - Anti-debug
- x ELF x64 - Nanomites - Introduction
- x PE - AutoPE
- x ELF - KeygenMe
- x ELF x64 - Anti-debug and equations
- x ELF - Packed
- x ELF x64 - Nanomites
- x PE - RunPE
- x ELF - VM
100%
Cryptanalysis
960 Points 36/37
- x Encoding - ASCII
- x Encoding - UU
- x Hash - Message Digest 5
- x Hash - SHA-2
- x Shift cipher
- x Pixelated decomposition
- x ELF32 - Encryption with the PID
- x File - PKZIP
- x Monoalphabetic substitution - Caesar
- x Known plaintext - XOR
- x Code - Pseudo Random Number Generator
- x File - Insecure storage 1
- x Polyalphabetic substitution - Vigenère
- x System - Android lock pattern
- x Transposition - Rail Fence
- x AES - ECB
- x LFSR - Known plaintext
- x RSA - Factorisation
- x RSA - Decryption oracle
- x Service - Timing attack
- x Monoalphabetic substitution - Polybius
- x Initialisation vector
- x GEDEFU
- x RSA - Corrupted private key V1
- x RSA - Continued fractions
- x RSA - Common modulus
- x Service - Hash length extension attack
- x RSA - Padding
- x AES128 - CTR
- x Discrete logarithm problem
- x RSA - Corrupted private key V2
- x RSA - Multiple recipients
- x Enigma machine
- x ECDHE
- x Service - CBC Padding
- x Polyalphabetic substitution - One-time pad
- o Hash - SHA-3
97%
Forensic
765 Points 20/20
- x Command & Control - level 2
- x Log analysis - web attack
- x Command & Control - level 5
- x Find the cat
- x Ugly duckling
- x Active Directory - GPO
- x Command & Control - level 3
- x DNS exfiltration
- x Command & Control - level 4
- x Interview at ANSSI
- x Malicious Word macro
- x Android ransomware
- x Insomni’Droid
- x Root My Droid
- x Command & Control - level 6
- x Find me
- x Second interview at ANSSI
- x Find me again
- x Zeus Bot
- x Try again
100%
Realistic
880 Points 19/26
- x Yes indeed, sometimes
- x P0wn3d
- x The h@ckers l4b
- x Neo-Nazi inside
- x PyRat Auction
- x Root them
- x IPBX - call me maybe
- x Marabout
- x Root-We
- x Starbug Bounty
- x Ultra Upload
- x Imagick
- x MALab
- x Web TV
- x SamBox v2
- x SamCMS
- x SamBox v1
- o SAP Pentest 007
- x Crypto Secure
- x Red Pills
- o SamBox v3
- o ARM FTP Box
- o SAP Pentest 000
- o Bluebox 2 - Pentest
- o Bluebox - Pentest
- o Highway to shell
73%
Network
385 Points 17/17
- x FTP - Authentication
- x TELNET - authentication
- x ETHERNET - frame
- x Twitter authentication
- x CISCO - password
- x DNS - zone transfer
- x IP - Time To Live
- x LDAP - null bind
- x SIP - Authentication
- x ETHERNET - Altered transmission
- x Global System for Mobile communications traffic
- x SSL - HTTP exchange
- x Netfilter - common mistakes
- x SNMP - Authentication
- x Wired Equivalent Privacy
- x ICMP payload
- x XMPP - Authentication
100%
Steganography
325 Points 16/16
- x Gunnm
- x Not very square
- x Full stop, new line
- x Steganomobile
- x Twitter Secret Messages
- x Some noise
- x George and Alfred
- x Audio stegano
- x Base Jumper
- x PDF object
- x We need to go deeper
- x Angecryption
- x LSB - A duck that carries some weight
- x Pixel Indicator Technique
- x Pixel Value Differencing
- x Crypt-art
100%
Web - Client
455 Points 16/19
- x HTML - disabled buttons
- x Javascript - Authentication
- x Javascript - Source
- x Javascript - Authentication 2
- x Javascript - Obfuscation 1
- x Javascript - Obfuscation 2
- x Javascript - Native code
- x Javascript - Obfuscation 3
- x XSS - Stored 1
- x CSRF - 0 protection
- x Flash - Authentication
- x CSRF - token bypass
- x XSS - Reflected
- x Javascript - Obfuscation 4
- x XSS - Stored 2
- x HTTP Response Splitting
- o Javascript - Obfuscation 5
- o XSS - Stored - filter bypass
- o XSS - DOM Based
84%
Web - Server
1635 Points 54/54
- x HTML
- x HTTP - Open redirect
- x Command injection
- x Weak password
- x User-agent
- x Backup file
- x HTTP directory indexing
- x HTTP Headers
- x HTTP verb tampering
- x Install files
- x Invalid redirect
- x CRLF
- x File upload - double extensions
- x File upload - MIME type
- x HTTP cookies
- x Directory traversal
- x File upload - null byte
- x PHP assert()
- x PHP filters
- x PHP register globals
- x File upload - ZIP
- x Command injection - filter bypass
- x Local File Inclusion
- x Local File Inclusion - Double encoding
- x PHP - Loose Comparison
- x PHP preg_replace()
- x PHP type juggling
- x Remote File Inclusion
- x Server-side Template Injection
- x SQL injection - authentication
- x SQL injection - authentication - GBK
- x SQL injection - string
- x XSLT - Code execution
- x LDAP injection - authentication
- x NoSQL injection - authentication
- x Path Truncation
- x PHP Serialization
- x SQL injection - numeric
- x SQL Injection - Routed
- x SQL Truncation
- x XML External Entity
- x XPath injection - authentication
- x Java - Spring Boot
- x Local File Inclusion - Wrappers
- x SQL injection - Error
- x SQL injection - Insert
- x SQL injection - file reading
- x XPath injection - string
- x NoSQL injection - blind
- x SQL injection - Time based
- x SQL injection - blind
- x LDAP injection - blind
- x XPath injection - blind
- x SQL injection - filter bypass
100%