Stripe CTF: Level #7

Posted on dim. 09 décembre 2012 in Write-up

level07-logo.jpg

You can find the code for this level here.

(sha256: d497f25a620a2ad5e3850bf642cfc1df988e32b612d06f48fffa271912726e86)

This level is the most delicious of all: you can order waffles online, and the company will have them delivered to the location you specified. There are seven types of waffle: veritaffle, belgian, brussels, eggo, chicken (premium), dream (premium …

Continue reading

Stripe CTF: Level #6

Posted on dim. 28 octobre 2012 in Write-up

level06-logo.jpg

You can find the code for this level here.

(sha256: 0fed78164db1eced67ff8eeba0998c81901880b293667f63f74e2838e63d2bf3)

This level is a message board: you can share updates with your friends. The only thing is, you can't put messages with quotes and double quotes, in order to prevent SQL injection. You also can't change your password, but …

Continue reading

Stripe CTF: Level #5

Posted on sam. 27 octobre 2012 in Write-up

level05-logo.jpg

You can find the code for this level here.

(sha256: 82b066cca46fd24a16959ada973d6df0d7c693f7791a8b673add276f324a5885)

This level wants to solve a real problem: identification. We have too many online accounts and we have to remember usernames/passwords for everyone of them. It would be way simpler to be able to log into a new …

Continue reading

Stripe CTF: Level #4

Posted on sam. 27 octobre 2012 in Write-up

level04-logo.jpg

You can find the code for this level here.

(sha256: 07a8338f0ecf92537daedb60709cd8211a790a23f9c25a101e069614b32da2a8)

This level wants you to spread joy over the world. You have a certain amount of karma you can distribute to people. But to be sure that you only send karma to people you really trust to be good …

Continue reading

Stripe CTF: Level #3

Posted on ven. 26 octobre 2012 in Write-up

level03-logo.png

You can find the code for this level here.

(sha256: 8710c082daed1839806addebeda44c6e5496d44a33f7eb3f23a577b6a5fc26d5)

The company who built the vault of level 0 learned its lesson: you now have to identify before accessing your guarded secrets.

The company kindly tells you that other users have already chosen to use their product, and even …

Continue reading

Stripe CTF: Level #2

Posted on sam. 13 octobre 2012 in Write-up

level02-logo.png

You can find the code for this level here.

(sha256: d175b624ed888badd795c5474ae855f711e856cc41c0757059594babe8f23413)

This level is a whole social network!

Okay, it's not, it's just a page with a profile picture. But on the bottom of the page, you can see something interesting: "Password for Level 3 (accessible only to members of …

Continue reading

Stripe CTF: Level #1

Posted on sam. 13 octobre 2012 in Write-up

level01-logo.jpg

You can find the code of this level here.

(sha256: b67c313a1a3bebd8702159efae32f95f1b41885f6e00103ee53e896a53194f43)

So, this level wants you to guess a password, stored in a file named "secret-combination.txt" on the server. If you manage to do it, it'll give you the password for this level. Let's take a look at the …

Continue reading

Stripe CTF: Level #0

Posted on sam. 13 octobre 2012 in Write-up

level00-logo.png

You can find the code of this level here.

(sha256: da9712a1851597d6d4b5a90224a1d0fcaa4b558f55a10ca0c7a115d18fe9dcb7)

So, this level is a safe that keeps your secrets for you. But it also keeps secrets for other people. Let's find out how we can recover the password for this level.

The page is a simple form with …

Continue reading

#define AUTHOR Yannick Méheut

Posted on sam. 13 octobre 2012 in Blog

Hi everyone!

My name is Yannick, I'm a 22 year-old student at the French engineer school Télécom ParisTech. I study cryptography and info/netsec. Although I find these topics fascinating, I'm pretty new to this world.

yannick.jpg

Last month, I decided to participate to the Stripe CTF, and, unexpectedly, I managed …

Continue reading