MIDNIGHT FLAG CTF 2025 - Operation Silent Hunt

Chic0s, 23 June 2025

Difficulty: Medium Category: OSINT Author: Chic0s & Papyruss 📝 Description During the theft of a hard drive containing sensitive data, the attacker made a crucial mistake — they left their phone at the scene. Your mission: follow the digital breadcrumbs and uncover the exact address where the hard drive is hidden. ⚠️ But be careful — getting caught could compromise the entire operation. Important: All OSINT must be conducted using the following websites only:

WEB - Breaking Bank

Chic0s, 17 December 2024

Website Analysis CryptoX is a cryptocurrency management platform that allows users to: Track market prices Manage portfolios Send transactions For added security, transactions can only be conducted between friends. Users can monitor their assets, market changes, and transaction history through an intuitive, dark-themed interface. Features Introduction To perform a transaction, the following conditions must be met: You must be friends with the recipient. You must own cryptocurrency. Friend Request The friend request can be initiated by either the sender or the recipient of the transaction.

Dojo 36 - YesWeHack

Chic0s, 5 October 2024

Description OS Command Injection is a vulnerability that allows attackers to inject and execute arbitrary commands on the operating system through unsanitized user input. This can lead to unauthorized access, data theft, system compromise, or remote code execution. It typically occurs when applications pass user input directly into OS commands without proper validation. Exploitation We are given a web application that allows us to ping an IP address. We can send two inputs :

Dojo Halloween - YesWeHack

Chic0s, 5 October 2024

Description Server-Side Request Forgery (SSRF) is a vulnerability that enables attackers to trick a server into making requests to unintended locations, both internal and external, by manipulating URLs in user-supplied input. This can lead to unauthorized access to internal services, sensitive information disclosure, or even full system compromise. SSRF typically occurs when applications fetch external resources or perform HTTP requests based on unvalidated user input, allowing attackers to manipulate these requests and access restricted networks, APIs, or internal systems.

Dojo 35 - YesWeHack

Chic0s, 5 September 2024

Description Une SSTI (Server-Side Template Injection) est une vulnérabilité qui survient lorsqu’une application web permet à un attaquant d’injecter du code malveillant directement dans le modèle (template) utilisé côté serveur pour générer du contenu dynamique. Les moteurs de templates, tels que EJS, Jinja2, Pug, et bien d’autres, sont souvent utilisés pour séparer la logique d’application de la présentation des données. Cependant, si ces moteurs de templates ne traitent pas correctement les données fournies par l’utilisateur, cela peut offrir aux attaquants une opportunité d’injecter du code qui sera interprété et exécuté par le serveur

Dojo 34 - YesWeHack

Chic0s, 5 August 2024

Description En cas de XXE (XML External Entity), une vulnérabilité est exploitée dans le traitement XML pour insérer des entités externes malveillantes dans un document XML. Ce type de faille permet à un attaquant de lire des fichiers arbitraires sur le système, de scanner des ports, voire d’exécuter du code à distance. Dans le cadre de cette vulnérabilité, le point d’entrée identifié était la fonction promptFromXML(data), où des entrées XML malveillantes pourraient être utilisées pour manipuler les paramètres de sécurité du serveur et potentiellement exécuter du code non autorisé sur le serveur web.

Proxmark 3 - Mifare 1K

Chic0s, 5 November 2023

1 - Implementation of the Tool In the first step, I will equip myself with my tool: The Proxmark 3 Easy, you can find this little gadget on AliExpress for around 50€. It has two antennas, one for low frequency and one for high frequency. To use it, you will need a tool called Iceman. YouTube tutorial for updating the firmware and installing Iceman: https://www.youtube.com/watch?v=n1Xt-1ZmjM0&feature=emb_imp_woyt 2 - Identifying the Badge To identify the badge, we will use the ‘auto’ command, which allows scanning across different frequencies (high and low frequencies).