• INS'hAck CTF 2018 - sudo

    I just wrote a program to easily launch program as other users without using sudo and all its painful configuration. Mind having a look? ssh sudo@sudo.ctf.insecurity-insa.fr -p 11111 (password: sudo)

  • INS'hAck CTF 2018 - base65535

    Base 64 is too mainstream but we could not manage to decide on the final encoding scheme… https://base65536.ctf.insecurity-insa.fr

  • INS'hAck CTF 2018 - Whitehouse

    Part 1

    We got access to the White House’s registration page which allows to recover nuclear bomb codes. Will you be able to recover the nuclear codes for Bill Clinton? Please note that it’s easy to get a nuclear code that looks like a flag for any username, but only Bill Clinton’s code will be valid (and you guessed it, the system won’t let you get that one too easily). The White House’s server is available at nc whitehouse.ctf.insecurity-insa.fr 18470

  • INS'hAck CTF 2018 - GCorp Stage 4

    You’re almost done with this, try harder! Once you have all the needed information from previous step, go have a look here (https://gcorp-stage-4.ctf.insecurity-insa.fr/) Note: you should validate stage 3 to have more information on stage 4.

  • INS'hAck CTF 2018 - CustomA5/1

    As crypto expert we designed our own streamcipher that combines two linear elements into a secure design. It works as follows. The secret key of NONSENSE consists of two invertible matrices K 51 , K 52 ∈ Z 64×64 To encrypt a plaintext M of l bits, our algorithm takes a 64-bit IV, generates an l-bit key stream k and computes the ciphertext C = M ⊕ k. The keystream is generated in 64-bit blocks as implemented in our open source file. To enforce a bit more the security, we decided to include IV into the secret key as well, it is incremented after every encryption query by 1, i.e. IV = (int(IV) + 1 mod 2^64 i) with limited 64 bits. You can find attached our implementation and here is our incrackable test : BXkOb8rYcnNpR3db/Ly5cD+EyBJnm8sorjHZTx/yAhUi