Once we execute the program, it will ask for our name and then present a menu from where we can choose one type of echo service. BOF echo is the only one working. If we try to overflow the buffer w...

Let’s have a look to the code of uaf.cpp: #include <fcntl.h> #include <iostream> #include <cstring> #include <cstdlib> #include <unistd.h> using namespace std; class...

The format string bug is one of the oldest bugs/vulnerabilities related to the standard lib. It involves a wrong use of an user-controlled string which is passed to a function that makes use of for...

This level adds nothing new to the previous nine crackmes of the IOLI - suite Let’s have a look to the function main: [0x08048420]> pdf @ main / (fcn) main 120 | ; var int local_78h...

As usual, we have a program: ascii_easy, which has the permissions to get the flag. After a fast reverse-engineering we can imagine that the source code from where it comes from should look more o...

This time we have to test the performance of two different implementations of the function memcpy. This is the code: // compiled with : gcc -o memcpy memcpy.c -m32 -lm #include <stdio.h> #i...

Another challenge where we need to escape from a restricted situation. This time we have complete control on the argument passed the function system but, just to make sure we will not do anything h...

Shellshock indicates a family of bugs who affected bash, which was disclosed the 24 September 2014 (CVE-2014-6271). For this challenge we need to use it in order to get the flag: shellshock@ubunt...

Once logged in we need to have a look to the code source of input: input.c #include <stdio.h> #include <stdlib.h> #include <string.h> #include <sys/socket.h> #include <a...

The Internet is extremely full of articles about the principles of an ARP cache poisoning attack, I will rather show how to perform some of the most basic ARP spoofing attacks using Ettercap, a p...