Blog

Pwntools + Radare2 debugger

Posted on Aug. 4, 2017

Guides Radare2; Pwntools; Debug;

Pwntools is a cool and useful framework/library for writing exploits.

It comes with an handy built-in method for launching a gdb instance and attaching the target process to it. But, what if we would like to debug the binary we are exploiting with another debugger? That's actually very ...

Scanning for open SMTP relays with nmap

Posted on May 30, 2017

Network SMTP; Nmap;

Among the many features offered by the famous scanner nmap there is also a script to identify open relays (link here). If passed with the option --script to nmap this script will determine if an email server is an open relay.

In order not to scan blindly some ranges we ...

Unlink - Pwnable.kr

Posted on April 16, 2017

Writeups Pwnable.kr; Heap overflow; Linked list;

Linked lists are the bread and butter of programmers. Even if you are not aware of that, your program is probably using this data type somewhere. Linked lists come in many flavors: simples, circulars, doubles, xor lists, etc...

The goal of this challenge is to exploit a heap overflow which ...

Simple login - Pwnable.kr

Posted on Jan. 19, 2017

Writeups Pwnable.kr; Buffer overflow; EBP;

Fuzzing a little bit we can easily crash the program...there is something weird happening here.

$ ./login 
Authenticate : aaaaaaaaaaaaa
hash : 0df08ae957b3d5ae2d6445c9416fe1cd
Segmentation fault (core dumped)

Analyzing a little bit we can realize that the program crashes at the address 0x08049424:

 ,=< 0x0804940a      7513           jne 0x804941f   
 |   0x0804940c      e84efeffff     call ...

Echo1 - Pwnable.kr

Posted on Jan. 19, 2017

Writeups Pwnable.kr; Buffer overflow;

Once we execute the program, it will ask for our name and then present a menu from where we can choose one type of echo service. BOF echo is the only one working. If we try to overflow the buffer we get a beautiful Segmentation fault (core dumped) that's ...