DGHACK2023
DG’hAck 2023 is a CTF event held by the DGA (a branch of the French military). There were 24 challenges this year, but I was only able to fully solve 11 of them. Yet I was able to reach global rank 6 and first place on the student leaderboard under the name Curiosité.
Scoreboard
[Images: global scoreboard and student scoreboard]
Challenges
The points given by challenges were static and often not proportional to the difficulty.
| Solved | Name | Points | Tags | Description |
|---|---|---|---|---|
| | Feed This Dragon | 50 | Dev | Interact with a game through an API |
| | CryptoNeat | 50 | Web Crypto | AES-CTR nonce reuse |
| | TicToc | 100 | Dev | Side-channel attack on the time to verify admin’s password |
| | Wrongsomewhere | 50 | Reverse | Ransomware that uses a machine-specific Windows registry key to derive an encryption key |
| | Infinite Money Glitch | 200 | Dev | Read codes on videos with OCR |
| | Plugin again | 100 | Web | Bypass Content Security Policy (CSP) thanks to a permissive rule on a CDN that allows GitHub repos |
| | Remove Before Flight | 100 | Web | |
| | Awesome Doc Converter | 150 | Web | |
| | AEgisSecureForge | 200 | Crypto | Read PrivateBin data in network traffic and ECB encryption oracle |
| | PoliceForensic | 150 | Forensics | |
| | KeepQuiet | 100 | Reverse | |
| | Damn Deprecation | 300 | Forensics Reverse | Compromised Linux kernel injected through dependency injection |
| | L’an 1, et puis l’an 2 | 150 | Forensics | Decipher EmpireC2 communications with a Windows machine KeyStore private key found in a memory dump |
| | Catch Him If You Can | 100 | Detection | |
| | My Virtual Bookstore | 200 | Exploitation | |
| | A Maze In | 50 | Steganography | Maze solving on a sticker |
| | Time To Fight Back | 150 | Exploitation | |
| | Save the earth or loose yourself?! | 100 | Exploitation OSINT | |
| | Randigma (ESN’HACK) | 150 | Crypto | |
| | JarJarBank | 300 | Web | Vulnerable SOAP service |
| | Android Mirrors | 150 | Dev Reverse | Dynamic Java method calls that simulate the path of a laser in mirrors. The key to the crackme was the mirrors’ orientations |
| | Pixle | 200 | Reverse | |
| | A_Maritime_Journey | 150 | Forensics | Questions on the NMEA 0183 protocol |
| | TicTacPwn | 300 | Exploit | From file read and arbitrary memory writes with all protections to RCE by writing a ROP chain on the stack |