Blog category: Writeups

Fsb - Pwnable.kr

Posted on Sept. 6, 2016

Writeups Pwnable.kr; Format string;

The format string bug is one of the oldest bugs/vulnerabilities related to the standard lib. It involves a wrong use of an user-controlled string which is passed to a function that makes use of format strings (usually printf) and hence allows to easily read/write data.

Here is a ...

Simple login - Pwnable.kr

Posted on Jan. 19, 2017

Writeups Pwnable.kr; Buffer overflow; EBP;

Fuzzing a little bit we can easily crash the program...there is something weird happening here.

$ ./login 
Authenticate : aaaaaaaaaaaaa
hash : 0df08ae957b3d5ae2d6445c9416fe1cd
Segmentation fault (core dumped)

Analyzing a little bit we can realize that the program crashes at the address 0x08049424:

 ,=< 0x0804940a      7513           jne 0x804941f   
 |   0x0804940c      e84efeffff     call ...

Echo1 - Pwnable.kr

Posted on Jan. 19, 2017

Writeups Pwnable.kr; Buffer overflow;

Once we execute the program, it will ask for our name and then present a menu from where we can choose one type of echo service. BOF echo is the only one working. If we try to overflow the buffer we get a beautiful Segmentation fault (core dumped) that's ...

Unlink - Pwnable.kr

Posted on April 16, 2017

Writeups Pwnable.kr; Heap overflow; Linked list;

Linked lists are the bread and butter of programmers. Even if you are not aware of that, your program is probably using this data type somewhere. Linked lists come in many flavors: simples, circulars, doubles, xor lists, etc...

The goal of this challenge is to exploit a heap overflow which ...

RHme3 Qualifiers: Exploitation

Posted on Sept. 12, 2017

Writeups CTF; UAF; Malloc; GOT;

The Exploitation challenge was the first of the three RHme3 qualification challenges that I manage to solve. As one would expect this was the challs that was solved the most, probably because the majority of CTF players feel more comfortable with exploitation tasks.

So, let's take a look at ...