eraise

pwn FCSC 2025 solved on

star star

Description

It’s up to you to secure a raise!

This challenge is part of a fictive CTF (Capture The Flag) in Attack/Defense mode! Your team has set up the tool Shovel, which gives you a fine view of the incoming and outgoing traffic from your game VM.

For this service, your team got pwned by an RCE at Tick 0… It could not have been worse! It’s up to you to analyze the exploit from the network captures and replay it on another team.

To fit the FCSC format, we only give you a single flagID: KUHddCSYqwYFWowMzSxzdcHjCm3ayDFs.

The flag format is FCSC_<hex_string>.

Good luck!

Files

  • docker-compose.yml
  • eraise
    21.00 KiB – 69767301a6fe6c1e1e5a703d28eb90dea98084f9b27b4a9b25977081cc0afc0c
  • ld-2.40.so
    239.08 KiB – bc2d8ba9f76040abd791dc75015f89bb0733fb013abbf5365782a8824be12b07
  • libc-2.40.so
    2.08 MiB – 132ba50d4abaeff314e64f5d84daa4e4e6d9b227135bc035fde1b69a81aab204

Author

Cryptanalyse

Challenge Instructions

  1. First, download docker-compose.yml:
    curl https://hackropole.fr/challenges/fcsc2025-pwn-eraise/docker-compose.public.yml -o docker-compose.yml
  2. Launch the challenge by executing in the same folder:
    docker compose up
  3. Then, in another console, access the challenge with Netcat:
    nc localhost 4000
  4. Access the challenge at http://localhost:8000/.
⚠️ Important: You must solve the challenge by interacting with the Docker container through the exposed network port. Any other way is not considered valid.

In case you encounter problems, please consult the FAQ.

Flag

Share my success on Fediverse, Twitter, Linkedin, Facebook, or via email.

Submit your solution

You can submit your writeup for this challenge. Read the FAQ to learn how to proceed.

You need to be logged in to submit a writeup.

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.