From 83ae5cffe789604dbefeb658199513a9a4827a59 Mon Sep 17 00:00:00 2001
From: Lapin
Date: Wed, 20 Jan 2021 00:15:40 +0100
Subject: [PATCH] first push
---
.gitignore | 1 +
level00/Ressource/rotn.py | 14 ++++++++
level00/Ressource/solution | 39 ++++++++++++++++++++
level00/flag | 1 +
level01/Ressource/solution | 64 +++++++++++++++++++++++++++++++++
level01/flag | 1 +
level01/flag_flag01 | 1 +
level02/Ressource/level02.pcap | Bin 0 -> 8302 bytes
level02/Ressource/soulution | 12 +++++++
level02/flag | 1 +
level03/Ressource/solution | 6 ++++
level03/flag | 1 +
12 files changed, 141 insertions(+)
create mode 100644 .gitignore
create mode 100644 level00/Ressource/rotn.py
create mode 100644 level00/Ressource/solution
create mode 100644 level00/flag
create mode 100644 level01/Ressource/solution
create mode 100644 level01/flag
create mode 100644 level01/flag_flag01
create mode 100644 level02/Ressource/level02.pcap
create mode 100644 level02/Ressource/soulution
create mode 100644 level02/flag
create mode 100644 level03/Ressource/solution
create mode 100644 level03/flag
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1ee84da
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.sw*
diff --git a/level00/Ressource/rotn.py b/level00/Ressource/rotn.py
new file mode 100644
index 0000000..460b14c
--- /dev/null
+++ b/level00/Ressource/rotn.py
@@ -0,0 +1,14 @@
+#!/usr/bin/python3
+
+import sys
+
+def rot_alpha(n):
+ from string import ascii_lowercase as lc, ascii_uppercase as uc
+ lookup = str.maketrans(lc + uc, lc[n:] + lc[:n] + uc[n:] + uc[:n])
+ return lambda s: s.translate(lookup)
+
+if len(sys.argv) > 1:
+ for i in range(26):
+ print("rot", i, ": ", rot_alpha(i)(sys.argv[1]))
+
+#rot_alpha(13)('Hello World') # Uryyb Jbeyq
diff --git a/level00/Ressource/solution b/level00/Ressource/solution
new file mode 100644
index 0000000..5b7fb69
--- /dev/null
+++ b/level00/Ressource/solution
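Review bot: In `level00/Ressource/rotn.py`, `rot_alpha(n)` is only a rotation for n below 26; for a larger n `lc[n:]` is empty and `lc[:n]` is the whole alphabet, so the table maps every letter to itself and the caller silently gets the input back. Adding `n %= 26` as the first statement of the function makes it correct for any integer. At the bottom of the file, the `if len(sys.argv) > 1:` block prints nothing when the argument is missing; an `else: sys.exit("usage: rotn.py TEXT")` branch would make that case visible. A one-line docstring such as `"""Return a function that rotates ASCII letters by n and leaves every other character unchanged."""` would document the helper.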
@@ -0,0 +1,39 @@
+$ find / -user flag00
+> /usr/sbin/john
+
+$ cat /usr/sbin/john
+> cdiiddwpgswtgt
+
+$ python3 rotn.py cdiiddwpgswtgt
+
+>
+rot 0 : cdiiddwpgswtgt
+rot 1 : dejjeexqhtxuhu
+rot 2 : efkkffyriuyviv
+rot 3 : fgllggzsjvzwjw
+rot 4 : ghmmhhatkwaxkx
+rot 5 : hinniibulxbyly
+rot 6 : ijoojjcvmyczmz
+rot 7 : jkppkkdwnzdana
+rot 8 : klqqllexoaebob
+rot 9 : lmrrmmfypbfcpc
+rot 10 : mnssnngzqcgdqd
+rot 11 : nottoohardhere
+rot 12 : opuuppibseifsf
+rot 13 : pqvvqqjctfjgtg
+rot 14 : qrwwrrkdugkhuh
+rot 15 : rsxxsslevhlivi
+rot 16 : styyttmfwimjwj
+rot 17 : tuzzuungxjnkxk
+rot 18 : uvaavvohykolyl
+rot 19 : vwbbwwpizlpmzm
+rot 20 : wxccxxqjamqnan
+rot 21 : xyddyyrkbnrobo
+rot 22 : yzeezzslcospcp
+rot 23 : zaffaatmdptqdq
+rot 24 : abggbbunequrer
+rot 25 : bchhccvofrvsfs
+
+On peut voir que rot 11 done une phrase en anglais: "nottoohardhere"
+
+
diff --git a/level00/flag b/level00/flag
new file mode 100644
index 0000000..d44c8a1
--- /dev/null
+++ b/level00/flag
@@ -0,0 +1 @@
+x24ti5gi3x0ol2eh4esiuxias
diff --git a/level01/Ressource/solution b/level01/Ressource/solution
new file mode 100644
index 0000000..dbeca63
--- /dev/null
+++ b/level01/Ressource/solution
@@ -0,0 +1,64 @@
+$ cat /etc/passwd
+
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+bin:x:2:2:bin:/bin:/bin/sh
+sys:x:3:3:sys:/dev:/bin/sh
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/bin/sh
+man:x:6:12:man:/var/cache/man:/bin/sh
+lp:x:7:7:lp:/var/spool/lpd:/bin/sh
+mail:x:8:8:mail:/var/mail:/bin/sh
+news:x:9:9:news:/var/spool/news:/bin/sh
+uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
+proxy:x:13:13:proxy:/bin:/bin/sh
+www-data:x:33:33:www-data:/var/www:/bin/sh
+backup:x:34:34:backup:/var/backups:/bin/sh
+list:x:38:38:Mailing List Manager:/var/list:/bin/sh
+irc:x:39:39:ircd:/var/run/ircd:/bin/sh
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
+nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
+libuuid:x:100:101::/var/lib/libuuid:/bin/sh
+syslog:x:101:103::/home/syslog:/bin/false
+messagebus:x:102:106::/var/run/dbus:/bin/false
+whoopsie:x:103:107::/nonexistent:/bin/false
+landscape:x:104:110::/var/lib/landscape:/bin/false
+sshd:x:105:65534::/var/run/sshd:/usr/sbin/nologin
+level00:x:2000:2000::/home/user/level00:/bin/bash
+level01:x:2001:2001::/home/user/level01:/bin/bash
+level02:x:2002:2002::/home/user/level02:/bin/bash
+level03:x:2003:2003::/home/user/level03:/bin/bash
+level04:x:2004:2004::/home/user/level04:/bin/bash
+level05:x:2005:2005::/home/user/level05:/bin/bash
+level06:x:2006:2006::/home/user/level06:/bin/bash
+level07:x:2007:2007::/home/user/level07:/bin/bash
+level08:x:2008:2008::/home/user/level08:/bin/bash
+level09:x:2009:2009::/home/user/level09:/bin/bash
+level10:x:2010:2010::/home/user/level10:/bin/bash
+level11:x:2011:2011::/home/user/level11:/bin/bash
+level12:x:2012:2012::/home/user/level12:/bin/bash
+level13:x:2013:2013::/home/user/level13:/bin/bash
+level14:x:2014:2014::/home/user/level14:/bin/bash
+flag00:x:3000:3000::/home/flag/flag00:/bin/bash
+flag01:42hDRfypTqqnw:3001:3001::/home/flag/flag01:/bin/bash
+flag02:x:3002:3002::/home/flag/flag02:/bin/bash
+flag03:x:3003:3003::/home/flag/flag03:/bin/bash
+flag04:x:3004:3004::/home/flag/flag04:/bin/bash
+flag05:x:3005:3005::/home/flag/flag05:/bin/bash
+flag06:x:3006:3006::/home/flag/flag06:/bin/bash
+flag07:x:3007:3007::/home/flag/flag07:/bin/bash
+flag08:x:3008:3008::/home/flag/flag08:/bin/bash
+flag09:x:3009:3009::/home/flag/flag09:/bin/bash
+flag10:x:3010:3010::/home/flag/flag10:/bin/bash
+flag11:x:3011:3011::/home/flag/flag11:/bin/bash
+flag12:x:3012:3012::/home/flag/flag12:/bin/bash
+flag13:x:3013:3013::/home/flag/flag13:/bin/bash
+flag14:x:3014:3014::/home/flag/flag14:/bin/bash
+
+On peut voir que flag01 donne une information sur le mots de passe. Il n'est pas en claire mais on peut imaginer qu'il est stoquer sous forme de hash.
+On va donc utiliser "john". On enresitre le hash dans un fichier, puis on passe se fichier en argument a john.
+
+$ john flag_intermediaire
+> abcdefg
+
+
diff --git a/level01/flag b/level01/flag
new file mode 100644
index 0000000..08efa4d
--- /dev/null
+++ b/level01/flag
@@ -0,0 +1 @@
+f2av5il02puano7naaf6adaaf
diff --git a/level01/flag_flag01 b/level01/flag_flag01
new file mode 100644
index 0000000..551ef48
--- /dev/null
+++ b/level01/flag_flag01
@@ -0,0 +1 @@
+42hDRfypTqqnw
diff --git a/level02/Ressource/level02.pcap b/level02/Ressource/level02.pcap new file mode 100644 index 0000000000000000000000000000000000000000..25683c2ccf2ec5f0c43f835460bbff03785fc307 GIT binary patch literal 8302 zcmaKx4OCQR8i4P;Gss^Ei0G_iIspQ<3RtL!w5fpwA(VPjv@KE4V;UHs_=kh|1E!|P zv9e8@*(`O-@-IvC2S;#sUDxd#CoQX!v96|A{?;1faQA)R@w+hJz5Cg@9Q7QZ`#kSA z_q+E_?&Eu$ie#2L{gP$)!-(nec}dY`DF=R!N05|o>eW6{+=JoL&LAl(LdtObFhUy9 zCFc*rue6?rj^_u268Ws@lo$scthGbZwZ zEJ+z~b|AMVBNge%1)K5@Zf_e2beE%B+WH-J9c0Co^aIj?9Dw9~JLUW}DtfBk zehB^NpM{$LCe2I(%`DQKqG`q<7>O-FWSYA0p^l409AQYbNad{){E6y4(wy{eho-JQ z)xDM48@To?Xm75LkekE(+v89(YO7fq57Wd$M;z^bkBHTVM40BbO@7miQ$6vj*P?o1 ztg)&$LG{u(>N=f6H;U1Y|IjE>xKT92XJA4#jAG|`ZWQhDs>h;wY^o<#^(3hG=p6mu zGfR^o0S{eAuKRuJSip5mfXST0PsQ49Tt}NtR&S_nvGg;6ep=usPV754(+W5V9=e)J z$0a;db~{&d4r)rVX6tIMrp+cjnwFZ9GJt;4Nu_b6MTJikmZYcP9}^@gGke@Kxg!f? zzrVLg^DBzWUiL|)d?Z}PZIr)+%P-w*iS9)g#V{?u6)p-`Mw9B5Rd0;y?W=kMRPRF= z-t}X%v<9N_(1kB?T&D0}{llYsLHJS(&l=|!-l}>{>OEQY#HejCCfMOjQ%z|86YT-xedAe1rX>6Id5L-0>rVbJDozB8aZT=wC{>XaEQLz;}0> zrDs7F51sK7?j2-o=Zx#XcorI;>dPBH1j4EZ7EMyyV{o~a?J-MF0~-&W`D2bNWImWP zp9SV`p!p5|4G5MC)=E6vmj?!j?k88N>M^dW0;(EuqYh8f)*}%% z>Q}Kf^l|&~C$}lNc6~JF{f&eA^>QLy{g%8<;k5 zMsZ1T+01DJ=M)y(64TSC!>{x~DM^FizeoDp66aKuCl5;L9~KfKOO=(CQ|Hbox6Lk{ zF|#DyhH}p(33FR1H$$K63B}y5-}vR;&IRHjd!Y0Ll;WZLSPXVtBVxKC5k3}M?r)T` z^|Q;EJR6bIHwH?XfWt#K!6EJsX@aZ#C+G=<3C_ij!@V*#!SpkTm5ABp^+3@&|755+ z_uzI<7>2i}v2fH(KZBN2x&({De9(-Q7!){W-}h zCb_=1CRw1kvc|uNNNIe>PHZ5#pCp$WNG?IipN49Z*FmyiA`nfF3zxf{BojHwB}}ps zUJiUa@!>j14G?U~~lx)4OP4XN_?nmP0BGHZ4DU)PBPI4)eT=lRf*#wg3iV%4g zkOIkrBv}Q>PG8NDWDQ9k)+F0NvZ(-w8RJDaNvA@RahzlglU#UFle`3yZDok81*Aao zbCO(aAi0brvzX+Q`5<{|5)g}%MOU}eM3S+bka#Lh^xoqPAjyX~$rViUr9+zJX~mU2lqA~$DVXFDlH|T@qtE0@ zlI)>LHh|>m=RvaTr=oq**@Yx+oa9O-`KNA7@+jPKvK#Uc`8*&6l1E8$zQH7GQSx#i zlgxoT&QU88FCQ1}lg>br?8`~kGRdtOnq;!#${C-D$N^2leX@}x`R5nh%xI%CV7k`=NU|L6-r*5!z6PDfaF&% z0`Y3IaFW3!`5-5`ib+-vVUmrL6<6+nVnk+~5KhuXl5-6tUq#85txR%Eg=}q{JOzl) z!?&XU|Cw{chpa 
z9ZHf`PI5JqEb6XFHiKk~9g!CSDUfU;$#Mh9H7NN*GLy`!0?B41zWtQ&-u(bc_TnVh zFv-_vXp(0YS6)>vBEJBnK(d)6%M2vfqU42Jn&ftnJX;9F&*M7YcXTghgPma{`8!T> zEtA}1(m(?nO-USPn?u3Zrg7 z3MBtVlBEWc>rwLi0w$S%Qnnt;LE^!$x@!M_PWP-o)ctoN&N3vz>+P5K@7;8CBMDEBwa5kuCY}}OzRga6-yEwI>`y{ ze~@H0C)uA#e)o1~N!JT7%Ut{h+%~ghT4`BX@wAGt5bmpSJn0!YDf>tmWOSp9XoHMg z%DDevEL(jUF9GpHW5*MN0Wpe*-3^J6Qu+B>HkhUc91IfMTpdK+U{c+uXfXVTEEfh- rUmYnopV`F*Gf|eUO$|sqdAx&Y;MkoUqd3QUSiCV<{iV{`aiaV`e0>Dm literal 0 HcmV?d00001
diff --git a/level02/Ressource/soulution b/level02/Ressource/soulution
new file mode 100644
index 0000000..68174cb
--- /dev/null
+++ b/level02/Ressource/soulution
@@ -0,0 +1,12 @@
+Il y a un fichier nommer level02.pcap. Avec une petite recherche google on apprend que c'est une capture de paquet reseau.
+
+tshark est un utilitaire premettant de lire les fichier pcap
+
+-Tfields permet de selectioner des champ specifique, on choisiera le champ data
+
+$ sudo tshark -r Ressource/level02.pcap -Tfields -e data
+
+avec un convewrtisseur hex to char on obtien:
+
+Password: ft_wandr...NDRel.L0L (avec le '.' qui sont des charactere non inprimable. Ce sont des back-space)
+
diff --git a/level02/flag b/level02/flag
new file mode 100644
index 0000000..09d3ca9
--- /dev/null
+++ b/level02/flag
@@ -0,0 +1 @@
+kooda2puivaav1idi4f57q8iq
diff --git a/level03/Ressource/solution b/level03/Ressource/solution
new file mode 100644
index 0000000..a118799
--- /dev/null
+++ b/level03/Ressource/solution
@@ -0,0 +1,6 @@
+On peut voir qu'il y a un executable level03 appartenant a flag03.
+Ce fichier execute: echo "Exploit me"
+
+on peut donc changer le PATH. Cree un fichier executable dans /tmp qui execute getflag
+
+quand on execute level03 on obtient alors le flag
diff --git a/level03/flag b/level03/flag
new file mode 100644
index 0000000..f5e998e
--- /dev/null
+++ b/level03/flag
@@ -0,0 +1 @@
+qi0maab88jeaj46qoumi7maus