[CERT] Post attack analyses ZedCorp Challenge - My name is Rookie

The ZedCorp challenge, alias “My name is Rookie”, was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup that works in computer science, particularly in development. The goal was to recover confidential files owned by the CEO. For this recap, I want to do some analysis of my challenge to learn how challengers proceeded to solve it. There are some fun facts :D You can read writeups here to understand the context:

[CTF - Hacklab-ESGI-2019] ZedCorp Challenge - My name is Rookie

The ZedCorp challenge, alias “My name is Rookie”, was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup that works in computer science, particularly in development. The goal was to recover confidential files owned by the CEO. For this challenge, I wanted to teach challengers the principle of SSH tunneling and the basics of penetration testing. Writeups written by other challengers (too many writeups, you are mad <3):

[CTF - Santhacklaus-2018] Netrunner

Netrunner is the second biggest challenge of the Santhacklaus 2018 CTF. The challenge is not really hard, but could be particularly annoying if you don’t know what to do. You need to have some skills in web pentesting and medium skills in Linux systems. The challenge is divided into 3 steps. Each step has its own validation password (flag). So let’s begin with the first step! 1st step - You have a mission!

[CTF - Santhacklaus-2018] ArchDrive

ArchDrive is the biggest challenge of the Santhacklaus 2018 CTF and my favorite one. It’s divided into 5 steps of increasing difficulty. The challenge is not really hard, but particularly long and time-consuming. You need to have some strong skills in web pentesting, some basic skills in forensics and medium skills in Linux systems. So, as you can see, the 5 steps have their own validation password (flag). Let’s start the challenge!