For this challenge, you only need to know how does RSA works. And a beautiful website named dcode.org. We have all the information to decrypt the ciphertext: With that information, go to RSA-cipher page and just fill the gaps ! And then you have your flag !
This challenge was an introduction one, made for beginners like me. Looking at the webapp The web application is located at http://challenges2.france-cybersecurity-challenge.fr:5001/ If we use the search bar : Looking at the url gives us : http://challenges2.france-cybersecurity-challenge.fr:5001/index.php?search=I+love+cybersecurity+%21 As the tags of the challenge mentioned XSS, I knew where to look at. In the contact page […]
This was my first pwn ever made so I was pretty happy when I got the flag. We could access to the challenge with the following info : SUID binary By doing ‘ls’, we find the following files : Executing cat on stage0.c file permits us to get the source code which I commented : […]
Now, let’s talk about the MyWhois challenge. This approach is made for full beginners who never exploited command injections before. This one took place in a simple web app as the following screen capture shows : Playing the game of good user Let’s try to use this app as a normal user would do : […]
Let’s start with a very simple challenge. The one is to read a file in python (not that difficult…). We connect to the challenge via the following command: To read a file in 1 python line, here is the trick : Which gives us the following flag : FCSC{d6125af647740672b2899a2ee563a011755ba0d665e852fb360614dd52418d60}