@evost
Created April 24, 2021 14:47

The platform is lagging; sometimes refreshing the page and logging back into the account helps.

Just in case, I'm posting the challenges here.



Web

AI

Ai Authentication (45)

Oh my, I hate this company ! They don't stop bragging about how their new authentication system is unbreakable. They claim passwords have no future.

I'm sure you can prove them wrong. Authenticate as their CEO.

URL : https://ai.heroctf.fr:5000

(You need a webcam to flag. I promise I do not keep ANY image on the server)

Format : Hero{}

Author : iHuggsy

Box

DevOps User (300)

Can you find the user.txt flag on the box ?

URL : http://box.heroctf.fr (only dockers are on the scope, not the real machine behind)

The machine resets itself every hour, so keep track of your work !

Format : Hero{}

Author : xanhacks

Hint : There are some steps and a lot of information to consider before validating this machine, but the overall level remains easy.

Hint : You get a password ? Check other services !

nmap.txt : https://www.heroctf.fr/challenges#DevOps%20User

Web

PwnQL #1 (50)

Login as admin to get the flag.

URL : http://chall1.heroctf.fr:8080

Format : Hero{}

Author : xanhacks

0xSSRF (60)

Get the flag !

URL : http://chall1.heroctf.fr:3000

Format : Hero{}

Author : xanhacks

You Should Die (60)

Could you retrieve the flag from this Marketing company ?

URL : http://chall1.heroctf.fr:9000

Format : Hero{}

Author : xanhacks

Black Market (150)

A group of hackers sell illegal services on the deep web. This site has already caused a lot of damage, it must be stopped!

Find a way to take control of the web server!

URL : http://chall2.heroctf.fr:3050

Format : Hero{}

Author : Worty

Magic Render (200)

Another site that proposes to format HTML and display it in a page.

Nevertheless, this one is quite permissive, you can even execute javascript without any problem.

The alpha version of this project deserves to be tested before being released in production.

URL : http://chall2.heroctf.fr:7000/

Format : Hero{}

Author : Worty

Forensic

Blockchain

Transfer (25)

We've been tracking drug dealers for a few years. The only thing we got from their network is a hash : bfa8b1c8b7f6acc867d6984968756cafd0da99060aa6d90dfb0db1a9ef0c96a2

Can you tell us where the money is gone?

Format : Hero{HASH}

Author : iHuggsy

Forensic

We need you 1/5 (50)

Interpol and the FBI have been investigating for over a year now. They are trying to get their hands on two hackers very well known for their ransomware and their ultra efficient botnet.

After long months of investigation, they managed to get their hands on one of their servers. But, when they got it back the PC caught fire because of a defense mechanism set up by the two hackers.

The hard drive could not be saved, but they had time to put the RAM in liquid nitrogen and analyze it later.

You know what you have to do!

For this first step, find the name of the PC!

Download : http://chall0.heroctf.fr/Challenge.zip

Format: Hero{Name}

Author: Worty

HeroRPG (75)

This RPG game wasn't well designed, and I am pretty sure there is no way to win... Or is there ?

To run the game, go to the Hero/www folder and run sudo python3 -m http.server 80. The game is available through your browser : http://localhost:80

You can move around with the arrow keys, interact with enter, and open your inventory with X.

The game : https://drive.google.com/file/d/1VXezRNMVesUn4xNrWyi7sMNwXnL7cySR/view?usp=sharing

Format : Hero{}

Author : Log_s

Progs & Reverse

Crypto

h4XOR (75)

Can you recover the flag.png image ?

Format : Hero{flag}

Author : xanhacks

Hint : The xor function is from the pwntools module.

flag.png.enc & xor.py : https://www.heroctf.fr/challenges#h4XOR

ExtractMyBlocks (125)

The company PasswordS3cure created a new password reset functionality. Could you crack it and find the flag ?

nc chall0.heroctf.fr 10000

Format : Hero{flag}

Author : xanhacks

challenge.py : https://www.heroctf.fr/challenges#ExtractMyBlocks

Kernel

Kernel Module #1 (50)

Message from : Mom 23/04/21 21:00

Hey sweetheart !

I left a little something for you in the safe.

It's unlocked, so you just have to retrieve it.

Love you ! xoxo

PS : Happax, the cat, has been behaving oddly lately..

ssh -p 4822 kern1@ai.heroctf.fr

password : kern1_fip

Format : Hero{}

Author : iHuggsy

Ring0 Calling (100)

I like to compile my kernels. And I like to do it the old way. And I also like doing it 50x times because I forgot an option.

Can you get the flag ?

ssh -p 4822 ring0@ai.heroctf.fr

password : ring0_lol

Format : Hero{}

Authors : SoEasY & iHuggsy

Prog

Ping Pong (45)

Could you get the flag ?

Format : Hero{}

Author : xanhacks

output.txt : https://www.heroctf.fr/challenges#Ping%20Pong

PRo Random Guesser (50)

Everybody loves a little guessing challenge right ? Guess the number \o/

- Love, Mersenne

/!\ If you are using a script, you have to append '\n' to any data you wish to send back.

Host : chall0.heroctf.fr Port : 7003

Format : Hero{}

Author : Log_s

Faster (75)

Send the result back in time ^^P.

/!\ If you are using a script, you have to append '\n' to any data you wish to send back.

Host : chall0.heroctf.fr Port : 7002

Format : Hero{}

Author : Log_s

Hint : If you're stuck, take the time to read the assignment carefully

Puzzle Me (100)

Back to kindergarten !

Here is a puzzle to solve. Unfortunately the other kids didn't take good care of it, and the pieces are worn out...

Format : Hero{}

Author : Log_s

pieces.zip : https://www.heroctf.fr/challenges#Puzzle%20Me

White Market (100)

Welcome to the year 2080, you have just finished shopping and you set yourself a challenge.

A robot scans barcodes at a phenomenal speed, you tell yourself that with a little programming, you can beat it.

Calculate the price of your shopping before the robot does!

Challenge : nc chall0.heroctf.fr 7005

Format : Hero{}

Author : Worty

market.txt : https://www.heroctf.fr/challenges#White%20Market

Rerecaptcha_v1 (200)

Damn hackers keep pwning my website, I've finally found a way to slow them down.

URL : http://chall3.heroctf.fr:8081

Author: yarienkiva

Format: Hero{}

Reverse

EasyAssembly (40)

Don't worry, this one is quite easy :) Could be a good introduction to assembly !

Format : Hero{input:modified}

Author : SoEasY

EasyAssembly.asm : https://www.heroctf.fr/challenges#EasyAssembly

sELF control (75)

I found a program to read the flag but it seems to be broken... Could you help me patch two bytes to make it functional ?

Challenge : nc chall0.heroctf.fr 2048

Format : Hero{}

Author : SoEasY

READFLAG : https://www.heroctf.fr/challenges#sELF%20control

JNI (90)

Find the flag in this android application.

Format : Hero{}

Author : xanhacks

JNI.apk : https://www.heroctf.fr/challenges#JNI

Password Keeper (100)

You are mandated to pentest a new password manager application. Try to log yourself in to the application !

Format : Hero{user:password}

Author : SoEasY

hero-password-keeper.app.zip : https://www.heroctf.fr/challenges#Password%20Keeper

ARMada (110)

You are commissioned to test a new military-grade encryption, but apparently the developers haven't invented much...

nc chall0.heroctf.fr 3000

Format : Hero{}

Author : SoEasY

ARMada.bin : https://www.heroctf.fr/challenges#ARMada

fatBoy (125)

You'll never find my flag.

Format : Hero{}

Author : SoEasY

fatBoy : https://www.heroctf.fr/challenges#fatBoy

WTF (350)

Find the flag in this android application.

Format : Hero{}

Author : SoEasY

WTF : https://www.heroctf.fr/challenges#WTF

OSINT & Steganography

Misc

Discord (1)

Join our Discord server and read the rules !

URL : https://discord.gg/PhNkPrfeJG

Format : Hero{}

Author : xanhacks

Record (15)

Can you find anything special about this domain heroctf.fr ?

Hint : https://dnsdumpster.com/

Format : Hero{}

Author : xanhacks

Cubes (40)

#257 ; #260 ; #282 ; #12 ; #349:2 ; #344 ; #383:120 ; #368

The flag is in lowercase, without spaces.

Format : Hero{}

Author : Log_s

Russian Doll (50)

Go deeper !

Format : Hero{}

Author : Enarior / xanhacks

archive.zip : https://www.heroctf.fr/challenges#Russian%20Doll

OSINT

Find Me (10)

Could you retrieve where this photo was taken ?

Format : Hero{place}

Author : xanhacks

find_me.jpg : https://www.heroctf.fr/challenges#Find%20Me

Social ID #1 (15)

Can you find the Twitter ID of @HeroCTF ?

Format : Hero{twitter_id}

Author : xanhacks

Pushhhh (35)

The flag is in one of the two Github repositories of the last HeroCTF edition. Could you find it ?

Format : Hero{}

Author : xanhacks

ProtonDate (40)

Can you retrieve the creation date of this email address, xanhacks@protonmail.com ?

Format : Hero{time_stamp} or Hero{YYYY-MM-DD}

Author : xanhacks

Hint : You need to convert your date to a unix timestamp (http://timestamp.fr/) UTC+0

Good French Charcuterie (60)

One of our agents has turned over his coat: this puts us in a very delicate situation. Try to compromise her account to find out who she is working for. Use your OSINT and social engineering skills to complete this mission successfully.

Name : Adèle Morte

(No need to speak French)

Format : Hero{}

Author : Thib

Hint : You don't have to find his job, you have to compromise his account... (find one of her passwords)

Steganography

HolyAbbot (15)

A certain abbot tried to give us a message...

(the message is in lower case) (No need to speak French)

Format : Hero{messageinlowercase}

Author : Thib

HolyAbbot.txt : https://www.heroctf.fr/challenges#HolyAbbot

PWN

Pwn

Win, but twisted (30)

Just a little warm up, but hey, without the twist it would've been too simple. Get the flag from the server.

Challenge : nc pwn.heroctf.fr 9003

Format : Hero{}

Author : iHuggsy

WinButTwisted : https://www.heroctf.fr/challenges#Win,%20but%20twisted

High Stakes (50)

This casino is SOOOO totally rigged. I have lost everything .. I literally lost 300 times in a row !

This does not seem possible. I really wanted to buy the flag from the shop, but right now I'm so broke I'm not even allowed to think about it. Lucky as you are, you'll manage to win enough money to buy it for me, right bro ?

Challenge : nc pwn.heroctf.fr 9001

Format : Hero{}

Author : iHuggsy

Happy the Boss (75)

Happy the cat is the worst boss you'll ever face. Game is harder than Darksouls.

What do we say already ? GIT GUD ?

Oh btw, check the category well ! ;)

Format : Hero{}

Author : iHuggsy

HappyBossFight.exe : https://www.heroctf.fr/challenges#Happy%20the%20Boss

Integer Santa (75)

Tell Santa what you want for Christmas !

Challenge : nc pwn.heroctf.fr 9000

Format : Hero{}

Author : SoEasY

SANTA.bin : https://www.heroctf.fr/challenges#Integer%20Santa

RiteOfPassage (350)

You think you know how to ROP ?

The flag is in the flag/ folder. I'm not giving you the filename.. :(

Oh and uuuh, I think I might have forbidden execve and execveat..

Good luck !

Challenge : nc pwn.heroctf.fr 9002

Format : Hero{}

Author : iHuggsy

System

The Dark Knight (50)

The Batman is lurking in the shadows, ready to take down the next criminal. Usually we don't mind, but he has some critical intel he won't share about the Joker : his password on the network. Gordon, find who he is and get the intel. We know it's one of the users of this network.

Good luck.

ssh gordon@chall0.heroctf.fr -p 5005

password : password123

Format : Hero{}

Author : Log_s

Assistant (75)

Welcome ! This machine is equipped with the next generation personal assistant technology. Make good use of it ;)

ssh brian@chall0.heroctf.fr -p 5000

password : password123

Format : Hero{}

Author : Log_s

Hint : Don't forget to check what you can run as root without password

PrivesCorp #1: Probabtion (100)

You're on probation at this new firm, PrivesCorp. You have to give your superiors a report on the financial situation of the company. But a not so kind colleague locked the file... You have to prove yourself, and therefore handle it on your own. Get the content of the file.

ssh bob@chall0.heroctf.fr -p 5001

password : password123

Format : Hero{}

Author : Log_s
