@ohohoh's blog

  • Welcome to my blog

    For those who don’t know me, my name is ohohoh, sk0ll (or hackline for short), and I learn and evolve in the IT and technology sector, more particularly in terms of security. Regarding my studies, I am in the second year of engineering school in Lyon. On this blog you will find write-ups from CTFs that…

  • CTF/ECW/Cryptography AES NULL S-BOX Exploit (CryptoFlow)

    For this third and final write-up of the CTF ECW 2023 edition, I will address the resolution of another challenge in the crypto category, which has the originality of mixing pwn and cryptography and which I named “CryptoFlow”. You can download the program here. Discovery of the challenge: In this challenge we have access to a binary. We start…

  • CTF/ECW/Cryptography Breaking an OTP (BMPaaS)

    For this second write-up on the CTF ECW 2023 edition, I address the resolution of a challenge in the crypto category, “BMPaaS”, in which we will have to exploit an implementation of an OTP type algorithm (One-Time Pad). Code analysis: This is an OTP (One-Time Pad) type cryptographic algorithm, meaning that we have an…

  • CTF/ECW/Pwn Hacking Gameboy (Shellboy)

    These last two weeks I had the opportunity to participate in the qualifying phase of the CTF ECW (for European Cyber Cup). In this first write-up I tackle the resolution of a pwn challenge which I found very nice and in which we will have to exploit a game on gameboy. You can download an archive…

  • CTF/DGHack/Web Operation based on PHP popchain (Unserial killer)

    Hello and welcome to this third write-up focusing on the challenges of the DGHACK, 2022 edition, organized by the General Directorate of Armaments of the Ministry of the Armed Forces. Description: A company has just been attacked by hackers who have recovered the configuration of one of their web servers. Audit the web server source…

  • CTF/DGHack/Web,0day Hacker of hackers (A hunter who knows how to hunt)

    Hello and welcome to this first write-up of the challenges of the DGHACK 2022 edition organized by the General Directorate of Armaments of the Ministry of the Armed Forces. For this first write-up, I explain to you how I was able to solve the series of web challenges “a hunter who knows how to hunt”.…