- Second hints for Mickey and Moleman : http://static.quals.nuitduhack.com/hints/Mickey2-ArphiadEdWyodTik.png http://static.quals.nuitduhack.com/hints/Moleman2-elawdyimwitgobto.png
- First hints for Mickey and Moleman : http://static.quals.nuitduhack.com/hints/Mickey1-Gunletsebgimfeg6.jpg http://static.quals.nuitduhack.com/hints/Moleman1-ImHonyeghaTweel8.jpg
- Following a lot of requests regarding "Find Me I'm Famous", all we can say is that it is really solvable if you think as a pentester.
- Some of you reported an issue with Facesec 2 and told us. Thanks for that! We have just updated it to provide you with something exploitable. We apology for the mistake, and hope you are having fun! Be fair play, let's rox it!
- 06:30 UTC+0200 A typo was fixed in the flag for "Who Am I", anyone having trouble validating a flag should try again (uppercase version).
- Regarding Matriochka, step 4, we double checked the challenge and gave some thought to the problem of multiple inputs validating in some conditions. This is a nice side effect and does not actually alter the challenge. In the proper conditions, only one string validates: the flag.
- Binaries for exploit-me challenges available at http://static.quals.nuitduhack.com/CrazyTownFamous.tar.gz (Crazy Town Famous) and http://static.quals.nuitduhack.com/role_gaming.tar.gz (Night Daemonic Heap).
Qualification round will start on April 1st 1159PM (UTC+0200) and will end on April 2nd 1159PM (UTC+0200). The top 10 teams will be qualified for the "Nuit du Hack" 2016 CTF finals, with a maximum of 5 members per team.
A set of 5 free tickets will be offered to the top 10 teams, providing access to the "Nuit du Hack" event that will be held in Paris July 2nd and 3rd (more information on the event's website).
Sysdream will offer the top 3 teams an additional set of 5 free tickets provided access to the "Hack In Paris" event, held in Paris from June 27 to July 1st (more information on the event's website).
Rules are very basic and standard. Any team not playing by the rules or behaving inappropriately will be immediately disqualified.
- Contestants must register as teams and provide real contact information (at least a valid email address) to get further notifications.
- A single account is allowed per team.
- Qualification round consists in solving a set of tasks, divided into 6 categories: Crypto, Forensics, Steganalysis, Webapp, Crackme and Exploit.
- Teams are ranked based on their score and speed: the first team to complete all the tasks will be ranked top 1.
Following rules focus specifically on hints and bonus points.
- There will be no bonus point.
- Four (4) hours before the challenge closes, a hint will be released for every unsolved task.
- Two (2) hour before the challenge closes, an additional hint will be released for every task that remains unsolved.
Most flags are plain strings. Some of them are difficult to spot and are thus marked as such by adding the
In any case, strip the tag and surrounding brackets before validating.
All flags are case-sensitive and leading and trailing spaces are not stripped on our side: be careful when copy-pasting. If you double-checked all the pitfalls and still fail to validate, please ask us on IRC.
In case you spot a mistake, bug, strange behavior or simply are willing to chat with other players, please use IRC.