Full chain Do you have what it takes to pwn all the layers? Intro Hi, last weekend I participated in Google CTF 2021 with my team vh++. To quote from my last year’s writeup: Although I didn’t solve the challenge in time for the points,
Pwnable01 Intro Hi guys, this is the writeup for the challenge Pwnable01 from Whitehat Grandprix 06 Final. You may want to check out the exploit code and the challenge’s source. Challenge #pwn01: You can ssh into our server as a low-privilege user.
Teleport Please write a full-chain exploit for Chrome. The flag is at /home/user/flag. Maybe there’s some way to tele<port> it out of there? 1. Story Hi, last week I participated in Google CTF 2020 with my team pwnPHOfun
PlaidStore Story Hi, everyone, this is the writeup for the 500pts challenge “mojo” of PlaidCTF 2020. As usual, I got the flag after the CTF had ended :< Well, currently I am not in any active teams, so I decided to pick a hard challenge and do it on my own.
kpets welcome to Kernel Pets Simulator! We wrote a pet store application that was too slow, so we made a kernel module for it instead. Author: pippinthedog Hi everyone, this is the writeup for the Facebook CTF 2019 Qualification Round kpets challenge
IPwnKit Come and take a bite of the Apple! We have reserved you a very special place at the WWPC (World Wide Pwning Conference). Email email@example.com to RSVP and we will reply with your invite.
House-of-loop Hi everyone, this is the writeup for the challenge House-of-loop in the AceBear Security Contest 2019. You may want to check out the exploit code. Description We are given a stripped ELF x64 binary which can be interacted with; our task is to get remote code execution (RCE).
Baby Sandbox This is a challenge of TetCTF, which is hosted from Jan 1st to Jan 7th by MeePwn Team of Vietnam. You may want to check out the exploit code. Challenge description We are given 2 binaries: one is sandbox and the other one is program.
KSMASH - Kernel Stack Smashing Background This is a Linux Kernel Module (LKM) exploitation challenge by firstname.lastname@example.org, hosted in Round 3 of MatesCTF 2018-2019. I solved this challenge overtime :< But it seems that no team solved this, so I still sent the exploit to the challenge author for testing and also wrote this writeup.
Pillow Background This is the writeup for the challenge Pillow, created by Samuel Groß (@saelo) of Project Zero, of 35C3 CTF, annually organized by @EatSleepPwnRpt, happening at the end of year 2018. I didn’t solve this challenge during the CTF; when revisiting this challenge after checking out @LinusHenze’s repo, I had a big learning opportunity to check out XNU exploitation, which was completely new to me.
By cat-ing and grepping the file, we know that there was a file named /home/memes/flag.c. It’s probably a program, so I searched for ./flag. Just printing the line doesn’t seem to work, so I tried cat memorydump | grep -A 10 -B 10 .
It’s clearly a compiled Python program, since there is a libpython and, when using a decompiler, there was a function named PyDontWriteByteCode. Using ‘pyi-archive-viewer’ we can extract the main function. Append the header "\x03\xf3\x0d\x0a\xf1\x32\x75\x5a" to the file; using uncompyle, we can get the main function.
The binary loads flag.txt into memory and asks us to provide input. The interesting thing is that it loads it into the same memory segment as the input. Debugging locally, I found it at offset 752 from the first input byte.