themaks
Place: 348
Points: 5575
Challenges: 191
Compromises: 0
69%
App - Script
295 Points 11/16
- o Bash - System 1
- o sudo - weak configuration
- o Bash - System 2
- o Perl - Command injection
- o Bash - cron
- o Python - input()
- o Python - pickle
- x SSH - Agent Hijacking
- o Python - PyJail 1
- x Bash/Awk - parsing netstat
- x PHP - Jail
- o Python - PyJail 2
- o Python - Jail - Exec
- x Javascript - Jail
- x Python - Jail - Garbage collector
- o Bash - Restricted shells
27%
App - System
905 Points 20/73
- o ELF x86 - Stack buffer overflow basic 1
- o ELF x86 - Stack buffer overflow basic 2
- x PE32 - Local stack buffer overflow basic
- o ELF x86 - Format string bug basic 1
- x PE32 - Advanced stack buffer overflow
- o ELF x64 - Stack buffer overflow - basic
- o ELF x86 - Format string bug basic 2
- o ELF x86 - Race condition
- x ELF ARM - Stack buffer overflow - basic
- x ELF MIPS - Stack buffer overflow - No NX
- o ELF x86 - Stack buffer overflow basic 3
- x ELF x86 - Use After Free - basic
- x PE32+ Egg Hunter
- x ELF ARM - Stack Spraying
- o ELF x86 - BSS buffer overflow
- o ELF x86 - Stack buffer overflow basic 4
- o ELF x86 - Stack buffer overflow basic 6
- o ELF x86 - Format String Bug Basic 3
- x ELF ARM - Basic ROP
- x ELF MIPS - Basic ROP
- o ELF x86 - Stack buffer overflow - C++ vtables
- x ELF x64 - Logic bug
- x ELF x86 - Bug Hunting - Several issues
- o ELF x86 - Stack buffer and integer overflow
- x ELF x86 - Stack buffer overflow - ret2dl_resolve
- o ELF x86 - Stack buffer overflow basic 5
- o ELF x64 - Stack buffer overflow - advanced
- x ELF MIPS - Format String Glitch
- o ELF x86 - Information leakage with Stack Smashing Protector
- x ELF ARM - Race condition
- x ELF x64 - Browser exploit - Intro
- x ELF x86 - Out of bounds attack - French Paradox
- x ELF x86 - Remote BSS buffer overflow
- x ELF x86 - Remote Format String bug
- x PE32+ Basic ROP
- x ELF x64 - Remote heap buffer overflow - fastbin
- x ELF x86 - Blind remote format string bug
- x LinKern ARM - vulnerable syscall
- x LinKern x86 - Buffer overflow basic 1
- x LinKern x86 - Null pointer dereference
- x LinKern x64 - Race condition
- x ELF ARM - Alphanumeric shellcode
- x ELF MIPS - URLEncoded Format String bug
- o ELF x86 - Hardened binary 1
- o ELF x86 - Hardened binary 2
- x ELF x86 - Hardened binary 3
- o ELF x86 - Hardened binary 4
- x LinKern MIPSel - Vulnerable ioctl
- x LinKern x64 - reentrant code
- x ELF ARM - Heap format string bug
- x ELF x64 - Sigreturn Oriented Programming
- x ELF ARM - Format String bug
- x ELF ARM - Use After Free
- x ELF x64 - Heap feng-shui
- x ELF x64 - Off-by-one bug
- o ELF x86 - Hardened binary 5
- x LinKern ARM - Stack Overflow
- x LinKern x86 - basic ROP
- x ELF ARM - Heap Off-by-One
- x ELF x64 - Remote Heap buffer overflow 1
- x ELF x86 - Hardened binary 6
- x ELF x86 - Hardened binary 7
- x ELF x86 - Remote stack buffer overflow - Hardened
- x LinKern x64 - RowHammer
- x LinKern x64 - SLUB off-by-one
- x ELF ARM - Heap buffer overflow - Wilderness
- x ELF ARM - Heap Overflow
- x ELF x64 - Seccomp Whitelist
- x ELF x86 - Blind ROP
- x Linkern x64 - Memory exploration
- x ELF x64 - Remote Heap buffer overflow 2
- x ELF x64 - Blind ROP
- x ELF x64 - Browser exploit - BitString
97%
Cracking
1225 Points 34/35
- o ELF x86 - 0 protection
- o ELF x86 - Basic
- o PE x86 - 0 protection
- o ELF C++ - 0 protection
- o PE DotNet - 0 protection
- o ELF MIPS - Basic Crackme
- o ELF x64 - Basic Golang
- o ELF x86 - Fake Instructions
- o ELF x86 - Ptrace
- o ELF ARM - Basic Crackme
- o PYC - ByteCode
- o ELF x86 - No software breakpoints
- o MachO x64 - keygenme or not
- o ELF ARM - crackme 1337
- o ELF x86 - CrackPass
- o ELF x86 - ExploitMe
- o ELF x86 - Random Crackme
- o GB - Basic GameBoy crackme
- o PDF - Javascript
- o PE x86 - Xor Madness
- o ELF ARM - Crypted
- o ELF x64 - Crackme automation
- o PE x86 - SEHVEH
- o APK - Anti-debug
- o ELF x64 - Nanomites - Introduction
- o ELF x86 - Anti-debug
- o PE x86 - AutoPE
- o ELF x86 - KeygenMe
- o ELF x64 - Anti-debug and equations
- o ELF x64 - Nanomites
- o ELF x86 - Packed
- o PE x86 - RunPE
- o ELF x86 - VM
- x Ringgit
- o White-Box Cryptography #2
65%
Cryptanalysis
785 Points 31/48
- o Encoding - ASCII
- o Encoding - UU
- o Hash - Message Digest 5
- o Hash - SHA-2
- o Shift cipher
- o Pixelated decomposition
- o ELF64 - Encryption with the PID
- o File - PKZIP
- o Monoalphabetic substitution - Caesar
- o Known plaintext - XOR
- o Code - Pseudo Random Number Generator
- o File - Insecure storage 1
- o Polyalphabetic substitution - Vigenère
- o System - Android lock pattern
- o Transposition - Rail Fence
- x AES - CBC - Bit-Flipping Attack
- o AES - ECB
- x LFSR - Known plaintext
- o RSA - Factorization
- o RSA - Decryption oracle
- o Service - Timing attack
- o Monoalphabetic substitution - Polybius
- o Initialization vector
- x GEDEFU
- o RSA - Corrupted private key 1
- o RSA - Continued fractions
- o RSA - Common modulus
- x Service - Hash length extension attack
- x AES - 4 rounds
- x ECDSA - Introduction
- o RSA - Padding
- o AES128 - CTR
- o Discrete logarithm problem
- x RSA - Corrupted private key 2
- x RSA - Corrupted private key 3
- o RSA - Multiple recipients
- x AES - Fault attack #1
- x Enigma machine
- o ECDHE
- x RSA - Lee cooper
- o Service - CBC Padding
- x Polyalphabetic substitution - One-time pad
- o White-Box Cryptography
- x AES - Weakened variant
- x Hash - SHA-3
- x AES - Fault attack #2
- x AES-PMAC
- x ECDSA - Implementation error
64%
Forensic
580 Points 16/25
- o Command & Control - level 2
- o Log analysis - web attack
- o Command & Control - level 5
- o Find the cat
- o Ugly duckling
- o Active Directory - GPO
- o Command & Control - level 3
- x DNS exfiltration
- o Command & Control - level 4
- o Interview at ANSSI
- x Homemade keylogger
- x macOS - Keychain
- o Malicious Word macro
- o Android ransomware
- x Insomni’Droid
- x Multi-devices
- x Root My Droid
- x Rootkit - Cold case
- o Command & Control - level 6
- o Find me
- o Second interview at ANSSI
- o Find me again
- x Find me back
- o Zeus Bot
- x Try again
33%
Programming
55 Points 5/15
- o Back to middle school
- o Encoded string
- o The Roman Wheel
- o Uncompress me
- x CAPTCHA me if you can
- x Ethereum - Tutoreum
- o Arithmetic progression
- x ELF x64 - Shellcoding - Sheep warmup
- x Ethereum - Takeover
- x Ethereum - NotSoPriv8
- x ELF x64 - Shellcoding - Polymorphism
- x Quick Response Code
- x Ethereum - BadStack
- x ELF x64 - Sandbox shellcoding
- x ELF x86 - Shellcoding - Alphanumeric
13%
Realistic
205 Points 4/31
- o Well yes, sometimes
- x P0wn3d
- x The h@ckers l4b
- x Neo-Nazi inside
- o PyRat Auction
- x Root them
- x IPBX - call me maybe
- x Marabout
- x Root-We
- x Starbug Bounty
- o Ultra Upload
- x Imagick
- x MALab
- x Web TV
- x SamBox v2
- x SamCMS
- x BBQ Factory - First Flirt
- x Django unchained
- x BBQ Factory - Back To The Grill
- x SamBox v1
- x SAP Pentest 007
- x Crypto Secure
- x Bozobe Hospital
- x Red Pills
- x SamBox v3
- x ARM FTP Box
- x SAP Pentest 000
- x Bluebox 2 - Pentest
- o Bluebox - Pentest
- x Highway to shell
- x Sambox v4
72%
Network
255 Points 13/18
- o FTP - Authentication
- o TELNET - authentication
- o ETHERNET - frame
- o Twitter authentication
- o Bluetooth - Unknown file
- o CISCO - password
- x DNS - zone transfer
- o IP - Time To Live
- x LDAP - null bind
- o SIP - Authentication
- o ETHERNET - Corrupted transmission
- o Global System for Mobile communications traffic
- o SSL - HTTP exchange
- o Netfilter - common mistakes
- x SNMP - Authentication
- x Wired Equivalent Privacy
- o ICMP payload
- x XMPP - Authentication
47%
Steganography
175 Points 9/19
- o Gunnm
- o Not very square
- x Full stop, new line
- o Steganomobile
- x Twitter Secret Messages
- x Some noise
- o George and Alfred
- x Yellow dots
- x Audio stegano
- o We need to go deeper
- x Base Jumper
- x Hide and seek
- o PDF object
- x Angecryption
- x Kitty spy
- o LSB - A duck that carries its weight
- o Pixel Indicator Technique
- x Pixel Value Differencing
- o Crypt-art
47%
Web - Client
120 Points 9/19
- o HTML - disabled buttons
- o Javascript - Authentication
- o Javascript - Source
- o Javascript - Authentication 2
- o Javascript - Obfuscation 1
- o Javascript - Obfuscation 2
- o Javascript - Native code
- o Javascript - Obfuscation 3
- o XSS - Stored 1
- x CSRF - 0 protection
- x Flash - Authentication
- x CSRF - token bypass
- x XSS - Reflected
- x Javascript - Obfuscation 4
- x XSS - Stored 2
- x HTTP Response Splitting
- x Javascript - Obfuscation 5
- x XSS - Stored - filter bypass
- x XSS - DOM Based
64%
Web - Server
975 Points 39/61
- o HTML - Source code
- o HTTP - Open redirect
- o HTTP - User-agent
- o Weak password
- o PHP - Command injection
- o Backup file
- o HTTP - Directory indexing
- o HTTP - Headers
- x HTTP - POST
- o HTTP - Invalid redirection
- o HTTP - Verb tampering
- o Install files
- o CRLF
- o File upload - Double extensions
- o File upload - MIME type
- o HTTP - Cookies
- o Insecure Code Management
- x JSON Web Token (JWT) - Introduction
- o Directory traversal
- o File upload - Null byte
- x JSON Web Token (JWT) - Weak secret
- o PHP - assert()
- o PHP - Filters
- o PHP - Register globals
- o File upload - ZIP
- o Command injection - Filter bypass
- x Java - Server-side Template Injection
- x JSON Web Token (JWT) - Public key
- o Local File Inclusion
- o Local File Inclusion - Double encoding
- x PHP - Loose Comparison
- o PHP - preg_replace()
- o PHP - Type juggling
- o Remote File Inclusion
- o SQL injection - Authentication
- x SQL injection - Authentication - GBK
- o SQL injection - String
- o XSLT - Code execution
- x LDAP injection - Authentication
- o NoSQL injection - Authentication
- x PHP - Path Truncation
- o PHP - Serialization
- o SQL injection - Numeric
- x SQL Injection - Routed
- x SQL Truncation
- o XML External Entity
- x XPath injection - Authentication
- x Java - Spring Boot
- x Local File Inclusion - Wrappers
- x PHP - Eval
- o SQL injection - Error
- x SQL injection - Insert
- o SQL injection - File reading
- x XPath injection - String
- x NoSQL injection - Blind
- o SQL injection - Time based
- x Server Side Request Forgery
- o SQL injection - Blind
- x LDAP injection - Blind
- x XPath injection - Blind
- x SQL injection - Filter bypass