FlareOn 4 WriteUps

This year, I happened to finally have a chance to be in a good position to play Flare-On CTF, a yearly CTF published by FireEye. This year's edition offered 12 reverse-engineering challenges to solve in 6 weeks. This post is mostly a dump of the...

Insomni'Hack CTF 2017: bender_safer

Insomni'Hack CTF 2017 offered a series of 3 challenges (i.e. 3 different flags) on the same binary, called bender_safe: bender_safe was a Reversing challenge (50 pts) to discover the correct validation sequence; bender_safer (this one) was a...

ARMPWN redux: canary reloaded

TL;DR: It is possible to defeat stack canary protection when a binary is vulnerable to arbitrary file read. Intro First off, Happy New Year 2017 ✌ Recently, I've decided to thoroughly investigate the "Stack Smashing Protection" (SSP) on recent...

TWCTF 2016 - reverse_box writeup

The reverse_box challenge of TWCTF 2016 was a warmup challenge (only 50 points), not really hard. There are plenty of writeups for it, but none of them used the technique I used to solve it in only a few minutes. So I figured I could throw in my 50c …

ARMPWN challenge write-up

Info A few weeks ago, I came across a GitHub repository created by @5aelo called armpwn for people wanting to have a bit of ARM fun. I had recently spent some time adding new features and perfecting old ones to my exploit helper for GDB, gef...

DEFCON CTF 2016 - heapfun4u

Info The vulnerable file was given with the following instructions: Guess what, it is a heap bug So yes, we'll be dealing with some heap fun. gef➤ !file ./heapfun4u ./heapfun4u: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically...

DEFCON CTF 2016 - feedme

Info The vulnerable file was given with the instructions: Don't forget to feed me http://www.scs.stanford.edu/brop/ Here are some info given by gef: gef➤ !file ./feedme ./feedme: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),...

ASIS CTF 2016 - feap write-up

Info As usual, the vulnerable file is here gef➤ !file ./feap ./feap: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24,...

HITB 2016 - Bakery write-up

I participated in HITB Teaser CTF only to have a bit of fun with their pwnable challenge(s) which I find usually fun and instructive. The teaser only offered one pwnable challenge, named bakery. Info gef➤ !file...

VolgaCTF 2016 - Web of Science

Info gef➤ !file ./web_of_science ./web_of_science: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.24, BuildID[sha1]=85e0df26435ee411258ad39668c9700b1ebadec9,...