Post attack analyses ZedCorp Challenge - My name is Rookie

The ZedCorp challenge alias “My name is Rookie” was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup who work in computer science and particulary in development. The goal was to recover confidential files owned by the CEO. For this recap, I want to do some analyses on my challenge to know how challengers proceed to solve it. There is some fun facts :D You can read writeups here to understand the context :

Hacklab ESGI CTF 2019 - Recap

Hacklab ESGI CTF 2019 is a “Capture The Flag” competition in a Jeopardy style. It’s organize by security enthusiasts, members of Hacklab ESGI security association. For the 2019 edition, I wanted to share some knowledges to challengers. So I decided to join the CTF Staff and create a big web/system challenge : ZedCorp alias ‘My name is Rookie’. Participate to a CTF like Staff is quite different than participate like player.

ZedCorp Challenge - My name is Rookie

The ZedCorp challenge alias “My name is Rookie” was a realistic challenge proposed at Hacklab ESGI CTF 2019. ZedCorp is a small startup who work in computer science and particulary in development. The goal was to recover confidential files owned by the CEO. For this challenge, I wanted to teach challengers the principle of SSH tunneling and basics of penetration testing. Writeups wrote by others challengers (too many writeups you are mad <3) :