## KnowMe

gobuster -> gives access to robot.txt

Robot.txt says /items.php is available, and inside it we have access to the REST API.

A sort parameter is required, and when we enter "count" we see an object:

```
{"id":1,"count":22,"itemName":"Labtop"}
{"id":2,"count":12,"itemName":"test"}
{"id":3,"count":2,"itemName":"CTFCreators"}
```

Max 3 objects in the database.

Count ???

Cookie: PHPSESSID=g9vhvsnqfgj7epshsqrjt6u8mv

Attempted PHP/HTML and SQL injection via the URL.

Used FoxyProxy and Burp Suite to get more details during a login attempt.

## KillJoy

Got 2 files: traffic.pcapng and Kill_Joy.exe, a network capture file and a Windows PE executable.

We have to retrieve the content of a file that got stolen over the network.

Using strings on the exe we can retrieve a file named `C:\\Users\\joezid\\Source\\Repos\\SSD1\\Release\\SSD1.pdb`

Since it's a Windows executable, it was quite hard to find the content of the file. I stayed stuck on the challenge until the end. I suspect we can find the content of the file in the network capture file.

## KeyGenMe

Got a binary file. Opened it with Cutter and tried to understand the content.

There is no shared library linked to the executable, so we can't preload functions.

Using strace doesn't give us more information.

Identified an encrypted string (in base64) and decrypted it.

Now we know that we need to decode a band name and the song name in the binary.

We found that our input is converted to SHA1 and capitalized.

After that, there's a tricky part: we got the expected string but John the Ripper can't decipher it...

In the binary we found a Get_band_name() function. This function does a lot of weird asm magic.

We added a 'jmp' in the main to call this function but we couldn't manage to get it to work properly (causing a segfault).
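One way to test candidate inputs offline against the transform described in the KeyGenMe notes, as an added example that is not part of the original writeup. It assumes "capitalized" means the SHA-1 hex digest is upper-cased; the band names, song titles, separators and expected value are constructed placeholders, not values from the challenge.

```python
import hashlib
from itertools import product


def keygen_transform(text: str) -> str:
    """SHA-1 of the input as upper-case hex (assumed reading of the notes)."""
    return hashlib.sha1(text.encode("utf-8")).hexdigest().upper()


def candidates(bands, songs, separators=("", " ", "-", "_", ":")):
    """Yield band/song combinations in both orders, with common case variants."""
    for band, song, sep in product(bands, songs, separators):
        for first, second in ((band, song), (song, band)):
            joined = f"{first}{sep}{second}"
            # A set removes variants that happen to be identical strings.
            yield from {joined, joined.lower(), joined.upper(), joined.title()}


def find_input(expected: str, bands, songs):
    """Return the candidate whose transform equals the expected string, else None."""
    expected = expected.strip().upper()
    for cand in candidates(bands, songs):
        if keygen_transform(cand) == expected:
            return cand
    return None


# Constructed sample data (hypothetical names, not from the binary).
SAMPLE_BANDS = ["Example Band", "Other Band"]
SAMPLE_SONGS = ["Example Song", "Another Song"]
# Constructed target: stands in for the expected string recovered from the binary.
SAMPLE_EXPECTED = keygen_transform("example band_another song")

if __name__ == "__main__":
    print(find_input(SAMPLE_EXPECTED, SAMPLE_BANDS, SAMPLE_SONGS))
```

If no candidate matches, the word list or the assumed joining format is wrong, or the binary applies a further step before the comparison.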