This post is part of my training on hackropole, a french platform that hosts the challenges from the FCSC : an annual competition CTF in France lasting 10 days. The challenges from Hackropole are quite interesting and managing to solve the 3 Stars challenges show really good skills. For my training I focused on the FCSC of this year (2025) and tried to time myself on the challenges to see how long it takes me to do them as a way to evaluate how I’d fare in the real competition. ...

This post is part of my training on hackropole, a french platform that hosts the challenges from the FCSC : an annual competition CTF in France lasting 10 days. The challenges from Hackropole are quite interesting and managing to solve the 3 Stars challenges show really good skills. For my training I focused on the FCSC of this year (2025) and tried to time myself on the challenges to see how long it takes me to do them as a way to evaluate how I’d fare in the real competition. ...

Recently, I started training myself on hackropole, the ANSSI platform that has all the challenges from the past FCSC competitions. So I thought I’d make some writeups for some challenges, here is the writeup for May the Fifth. TLDR lack of boundary check in zForth allow arbitrary read and write use the lack of bounds check to leak PIE address use the PIE address to read got address and gain libc leak overwrite strlen got by system for RCE May the Fifth was a 2 Star challenge from FCSC 2023. A docker-compose.yml is provided so we can test the final exploit on remote. We also had the binary as well as an archive. ...

This year, I solved my first challenge from a big CTF. The challenge was fpon and involved manipulating FSOP for RCE. For this challenge a Dockerfile and the binary were provided. I first extracted the ld and libc from the Docker and used pwninit to have a fpon_patched running with the correct ld and libc, as exploits can work differently if not using the correct version. Now that we are all setup we can look at the challenge. ...