-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathindex.html
More file actions
146 lines (143 loc) · 18.9 KB
/
index.html
File metadata and controls
146 lines (143 loc) · 18.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
<!DOCTYPE html>
<html lang="en">
<head>
<meta name="generator" content="Hugo 0.101.0" />
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noodp" />
<title>Root-Me Blog</title><meta name="Description" content="Root Me allows everyone to test and improve their knowledge in computer security and hacking. Legal. Free. Realistic."><meta property="og:title" content="Root-Me Blog" />
<meta property="og:description" content="Root Me allows everyone to test and improve their knowledge in computer security and hacking. Legal. Free. Realistic." />
<meta property="og:type" content="website" />
<meta property="og:url" content="https://blog.root-me.org/" /><meta property="og:site_name" content="Root-Me Blog" />
<meta name="twitter:card" content="summary"/>
<meta name="twitter:title" content="Root-Me Blog"/>
<meta name="twitter:description" content="Root Me allows everyone to test and improve their knowledge in computer security and hacking. Legal. Free. Realistic."/>
<meta name="application-name" content="Root-Me Blog">
<meta name="apple-mobile-web-app-title" content="Root-Me Blog"><meta name="theme-color" content="#ffffff"><meta name="msapplication-TileColor" content="#da532c"><link rel="shortcut icon" type="image/x-icon" href="/favicon.ico" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png"><link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png"><link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5"><link rel="manifest" href="/site.webmanifest"><link rel="canonical" href="https://blog.root-me.org/" /><link rel="alternate" href="/index.xml" type="application/rss+xml" title="Root-Me Blog">
<link rel="feed" href="/index.xml" type="application/rss+xml" title="Root-Me Blog"><link rel="stylesheet" href="/css/style.min.css"><link rel="preload" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@fortawesome/fontawesome-free@6.1.1/css/all.min.css"></noscript><link rel="preload" href="https://cdn.jsdelivr.net/npm/animate.css@4.1.1/animate.min.css" as="style" onload="this.onload=null;this.rel='stylesheet'">
<noscript><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/animate.css@4.1.1/animate.min.css"></noscript><script type="application/ld+json">
{
"@context": "http://schema.org",
"@type": "WebSite",
"url": "https:\/\/blog.root-me.org\/","inLanguage": "en","author": {
"@type": "Person",
"name": "Root-Me"
},"description": "Root Me allows everyone to test and improve their knowledge in computer security and hacking. Legal. Free. Realistic.","name": "Root-Me Blog"
}
</script></head>
<body data-header-desktop="fixed" data-header-mobile="auto"><script type="text/javascript">(window.localStorage && localStorage.getItem('theme') ? localStorage.getItem('theme') === 'dark' : ('light' === 'auto' ? window.matchMedia('(prefers-color-scheme: dark)').matches : 'light' === 'dark')) && document.body.setAttribute('theme', 'dark');</script>
<div id="mask"></div><div class="wrapper"><header class="desktop" id="header-desktop">
<div class="header-wrapper">
<div class="header-title">
<a href="/" title="Root-Me Blog"><img
class="lazyload logo"
src="/svg/loading.min.svg"
data-src="https://www.root-me.org/IMG/logo/siteon0.svg"
data-srcset="https://www.root-me.org/IMG/logo/siteon0.svg, https://www.root-me.org/IMG/logo/siteon0.svg 1.5x, https://www.root-me.org/IMG/logo/siteon0.svg 2x"
data-sizes="auto"
alt="https://www.root-me.org/IMG/logo/siteon0.svg"
title="https://www.root-me.org/IMG/logo/siteon0.svg" />Root-Me Blog</a>
</div>
<div class="menu">
<div class="menu-inner"><a class="menu-item" href="/posts/"> Posts </a><a class="menu-item" href="/tags/"> Tags </a><a class="menu-item" href="/categories/"> Categories </a><span class="menu-item delimiter"></span><a href="javascript:void(0);" class="menu-item theme-switch" title="Switch Theme">
<i class="fas fa-adjust fa-fw" aria-hidden="true"></i>
</a></div>
</div>
</div>
</header><header class="mobile" id="header-mobile">
<div class="header-container">
<div class="header-wrapper">
<div class="header-title">
<a href="/" title="Root-Me Blog"><img
class="lazyload logo"
src="/svg/loading.min.svg"
data-src="https://www.root-me.org/IMG/logo/siteon0.svg"
data-srcset="https://www.root-me.org/IMG/logo/siteon0.svg, https://www.root-me.org/IMG/logo/siteon0.svg 1.5x, https://www.root-me.org/IMG/logo/siteon0.svg 2x"
data-sizes="auto"
alt="https://www.root-me.org/IMG/logo/siteon0.svg"
title="https://www.root-me.org/IMG/logo/siteon0.svg" />Root-Me Blog</a>
</div>
<div class="menu-toggle" id="menu-toggle-mobile">
<span></span><span></span><span></span>
</div>
</div>
<div class="menu" id="menu-mobile"><a class="menu-item" href="/posts/" title="">Posts</a><a class="menu-item" href="/tags/" title="">Tags</a><a class="menu-item" href="/categories/" title="">Categories</a><a href="javascript:void(0);" class="menu-item theme-switch" title="Switch Theme">
<i class="fas fa-adjust fa-fw" aria-hidden="true"></i>
</a></div>
</div>
</header><main class="main">
<div class="container"><div class="page home" data-home="posts"><div class="home-profile"><div class="home-avatar"><a href="/posts/" title="Posts"><img
class="lazyload"
src="/svg/loading.min.svg"
data-src="https://www.root-me.org/IMG/logo/siteon0.svg"
data-srcset="https://www.root-me.org/IMG/logo/siteon0.svg, https://www.root-me.org/IMG/logo/siteon0.svg 1.5x, https://www.root-me.org/IMG/logo/siteon0.svg 2x"
data-sizes="auto"
alt="https://www.root-me.org/IMG/logo/siteon0.svg"
title="https://www.root-me.org/IMG/logo/siteon0.svg" /></a></div><div class="home-subtitle"><div id="id-1" class="typeit"></div></div><div class="links"><a href="https://linkedin.com/company/root-me-pro" title="LinkedIn" target="_blank" rel="noopener noreffer me"><i class="fab fa-linkedin fa-fw" aria-hidden="true"></i></a><a href="https://twitter.com/rootme_org" title="Twitter" target="_blank" rel="noopener noreffer me"><i class="fab fa-twitter fa-fw" aria-hidden="true"></i></a><a href="https://www.youtube.com/@rootme_org/" title="YouTube" target="_blank" rel="noopener noreffer me"><i class="fab fa-youtube fa-fw" aria-hidden="true"></i></a><a href="https://www.twitch.tv/rootme_org" title="Twitch" target="_blank" rel="noopener noreffer me"><i class="fab fa-twitch fa-fw" aria-hidden="true"></i></a><a href="https://discord.gg/wpk8xHr" title="Discord" target="_blank" rel="noopener noreffer me"><i class="fab fa-discord fa-fw" aria-hidden="true"></i></a><a href="https://www.root-me.org/#" title="Root-Me" target="_blank" rel="noopener noreffer me"><i data-svg-src="/svg/icons/rootme.min.svg" aria-hidden="true"></i></a></div></div>
<article class="single summary" itemscope itemtype="http://schema.org/Article"><h1 class="single-title" itemprop="name headline">
<a href="/posts/writeup_dgse/">Writeup - DGSE Recruitment CTF</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://pro.root-me.org" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>Root-Me PRO</a></span> <span class="post-publish">published on <time datetime="2025-05-07">2025-05-07</time></span> <span class="post-category">included in <a href="/categories/writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>Writeups</a></span></div><div class="content">Solution of the recruitment CTF of Direction Générale de la Sécurité Extérieur (DGSE) during April 2025</div><div class="post-footer">
<a href="/posts/writeup_dgse/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/dgse/">dgse</a>, <a href="/tags/writeup/">writeup</a>, <a href="/tags/solution/">solution</a></div></div>
</article><article class="single summary" itemscope itemtype="http://schema.org/Article"><h1 class="single-title" itemprop="name headline">
<a href="/posts/writeup_comcyber_marine/">Writeup - ComCyber - Marine Nationale Recrutement CTF</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://www.root-me.org/Nishacid" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>Nishacid</a></span> <span class="post-publish">published on <time datetime="2025-03-31">2025-03-31</time></span> <span class="post-category">included in <a href="/categories/writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>Writeups</a></span></div><div class="content">Solution of the recruitment CTF of ComCyber Marine Nationale during March 2025</div><div class="post-footer">
<a href="/posts/writeup_comcyber_marine/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/comcyber/">comcyber</a>, <a href="/tags/writeup/">writeup</a>, <a href="/tags/solution/">solution</a></div></div>
</article><article class="single summary" itemscope itemtype="http://schema.org/Article"><h1 class="single-title" itemprop="name headline">
<a href="/posts/writeup_snippet_05/">Code Snippet Serie - 05 - Integer Overflow & Stack Overflow</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://www.root-me.org/baguette" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>baguette</a></span> <span class="post-publish">published on <time datetime="2025-02-03">2025-02-03</time></span> <span class="post-category">included in <a href="/categories/writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>Writeups</a></span></div><div class="content">Challenge Description This challenge, authored by @baguette, involves exploiting an integer overflow vulnerability combined with a stack overflow, allowing arbitrary writes to the stack.
Vulnerability Overview 🛑 Vulnerability: The vulnerability lies in the improper handling of integer values and the use of the read function, which allows writing arbitrary data to the stack.
Exploitation Process 1. Triggering the Integer Overflow: When len is set to -2147483648 (minimum value of a signed 32-bit integer), the call to abs(len) results in an overflow.</div><div class="post-footer">
<a href="/posts/writeup_snippet_05/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/writeup/">writeup</a>, <a href="/tags/integer-overflow/">integer overflow</a>, <a href="/tags/stack-overflow/">stack overflow</a>, <a href="/tags/code-snippet/">code snippet</a></div></div>
</article><article class="single summary" itemscope itemtype="http://schema.org/Article"><h1 class="single-title" itemprop="name headline">
<a href="/posts/writeup_snippet_04/">Code Snippet Serie - 04 - SSRF and HTTP Hop-by-Hop Header Injection</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://www.root-me.org/baguette" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>baguette</a></span> <span class="post-publish">published on <time datetime="2025-01-03">2025-01-03</time></span> <span class="post-category">included in <a href="/categories/writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>Writeups</a></span></div><div class="content">Challenge Description This challenge, authored by @baguette, involves exploiting vulnerabilities in a Flask application that acts as a proxy. The application is behind a cache server managed by a varnish and a load balancer managed by a nginx. The application has two main routes: / and /admin. The / route proxies requests to https://root-me.org, while the /admin route restricts access based on the presence of the X-Real-IP header.
Vulnerability Overview 🛑 Vulnerabilities: The application is vulnerable to Server-Side Request Forgery (SSRF) and HTTP Hop-by-Hop Header Injection.</div><div class="post-footer">
<a href="/posts/writeup_snippet_04/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/writeup/">writeup</a>, <a href="/tags/code-snippet/">code snippet</a>, <a href="/tags/ssrf/">ssrf</a>, <a href="/tags/hop-by-hop/">hop-by-hop</a></div></div>
</article><article class="single summary" itemscope itemtype="http://schema.org/Article"><h1 class="single-title" itemprop="name headline">
<a href="/posts/writeup_snippet_03/">Code Snippet Serie - 03 - Cross-Function-Reentrancy</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://www.root-me.org/K-L-M" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>K.L.M</a></span> <span class="post-publish">published on <time datetime="2024-12-03">2024-12-03</time></span> <span class="post-category">included in <a href="/categories/writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>Writeups</a></span></div><div class="content">Challenge Description This challenge, authored by @KLM, involves exploiting a vulnerability in a vyper smart contract that utilize a Cross-Function-Reentrancy due to a problem in the vyper version. This smart contract is made for a company to sell shares on the blockchain to help and ensure everything is secure, tracked and transparent.
Vulnerability Overview 🛑 Vulnerability: The vulnerability lies in the insecure version of Vyper that desynchronise the values of the @nonreentrant("lock") between function in a contract and the bad execution flow management.</div><div class="post-footer">
<a href="/posts/writeup_snippet_03/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/writeup/">writeup</a>, <a href="/tags/code-snippet/">code snippet</a>, <a href="/tags/web3/">Web3</a>, <a href="/tags/vyper/">vyper</a>, <a href="/tags/cross-function-reentrancy/">Cross-Function-Reentrancy</a></div></div>
</article><article class="single summary" itemscope itemtype="http://schema.org/Article"><h1 class="single-title" itemprop="name headline">
<a href="/posts/writeup_snippet_02/">Code Snippet Serie - 02 - Memory Exhaustion via Unchecked Input Length</a>
</h1><div class="post-meta"><span class="post-author"><a href="https://www.root-me.org/Ethnical-41840" title="Author" target="_blank" rel="noopener noreffer author" class="author"><i class="fas fa-user-circle fa-fw" aria-hidden="true"></i>Ethnical</a></span> <span class="post-publish">published on <time datetime="2024-11-05">2024-11-05</time></span> <span class="post-category">included in <a href="/categories/writeups/"><i class="far fa-folder fa-fw" aria-hidden="true"></i>Writeups</a></span></div><div class="content">Challenge Description This challenge, authored by @Ethnical and @fadam, involves exploiting a vulnerability in a blockchain network server that processes incoming network messages. The vulnerability allows an attacker to cause a Denial of Service (DoS) by exhausting the server’s memory.
Vulnerability Overview 🛑 Vulnerability: The vulnerability lies in the unchecked allocation of memory based on user-controlled input length, leading to potential memory exhaustion.
Technical Analysis Vulnerability Details Unchecked Length Parameter:</div><div class="post-footer">
<a href="/posts/writeup_snippet_02/">Read More</a><div class="post-tags">
<i class="fas fa-tags fa-fw" aria-hidden="true"></i> <a href="/tags/writeup/">writeup</a>, <a href="/tags/code-snippet/">code snippet</a>, <a href="/tags/memory/">memory</a>, <a href="/tags/exhaustion/">exhaustion</a></div></div>
</article><ul class="pagination"><li class="page-item active">
<span class="page-link">
<a href="/">1</a>
</span>
</li><li class="page-item ">
<span class="page-link">
<a href="/page/2/">2</a>
</span>
</li><li class="page-item ">
<span class="page-link">
<a href="/page/3/">3</a>
</span>
</li><li class="page-item ">
<span class="page-link">
<a href="/page/4/">4</a>
</span>
</li></ul></div></div>
</main><footer class="footer">
<div class="footer-container"><div class="footer-line" itemscope itemtype="http://schema.org/CreativeWork"><i class="far fa-copyright fa-fw" aria-hidden="true"></i><span itemprop="copyrightYear">2023 - 2025</span><span class="author" itemprop="copyrightHolder"> <a href="https://root-me.org" target="_blank">Root-Me</a></span> | <span class="license">contact@root-me.org | <a href='/privacy/'>Privacy</a></span></div>
</div>
</footer></div>
<div id="fixed-buttons"><a href="#" id="back-to-top" class="fixed-button" title="Back to Top">
<i class="fas fa-arrow-up fa-fw" aria-hidden="true"></i>
</a><a href="#" id="view-comments" class="fixed-button" title="View Comments">
<i class="fas fa-comment fa-fw" aria-hidden="true"></i>
</a>
</div><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/lazysizes@5.3.2/lazysizes.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/clipboard@2.0.11/dist/clipboard.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/sharer.js@0.5.1/sharer.min.js"></script><script type="text/javascript" src="https://cdn.jsdelivr.net/npm/typeit@8.6.0/dist/index.umd.js"></script><script type="text/javascript">window.config={"code":{"copyTitle":"Copy to clipboard","maxShownLines":50},"data":{"id-1":"Root Me allows everyone to test and improve their knowledge in computer security and hacking. Legal. Free. Realistic."},"typeit":{"cursorChar":"|","cursorSpeed":1000,"data":{"id-1":["id-1"]},"duration":-1,"speed":100}};</script><script type="text/javascript" src="/js/theme.min.js"></script></body>
</html>