window-of-opportunity
window-of-opportunity (490 pts) - 11 solvesby Eth007
Description: Sometimes, there is a glimmer of hope, a spark of inspiration, a window of opportunity.
Attachmentshttps://imaginaryctf.org/r/izYM0#opportunity_dist.zip
nc window-of-opportunity.chal.imaginaryctf.org 1337
window-of-opportunity is a kernel exploitation challenge I did for the ImaginaryCTF 2023. We are given an arbitrary read primitive (and a stack buffer overflow but I didn’t use it), and the goal is basi...
mailman
mailman (423 pts) - 31 solves by Eth007
Description
I’m sure that my post office is 100% secure! It uses some of the latest software, unlike some of the other post offices out there…Flag is in ./flag.txt.
Attachmentshttps://imaginaryctf.org/r/PIxtO#vuln https://imaginaryctf.org/r/c9Mk8#libc.so.6
nc mailman.chal.imaginaryctf.org 1337
mailman is a heap challenge I did for the ImaginaryCTF 2023 event. It was a basic heap challenge involving tcache poisoning, safe-linking and secc...
Write me a book
Write me a Book349
Give back to the library! Share your thoughts and experiences!
The flag can be found in /flag
Elma
nc 34.124.157.94 12346
Write me a book is a heap challenge I did during the Grey Cat The Flag 2023 Qualifiers. You can find the tasks and the exploit here.
TL;DRTo manage to read the flag we have to:
create overlapping chunks due to an oob write vulnerability in rewrite_books
tcache poisoning thanks to the overlapping chunks
Overwrite the first entry...
cs2101cs2101 is shellcoding / unicorn sandbox escape challenge I did during the HackTM finals.
What we haveThe challenge is splitted into three file: the server, the unicorn callback based checker and the final C program that runs the shellcode without any restrictions. Let’s take a look at the server:
1234567891011121314151617181920212223242526272829303132#!/usr/bin/env python3import osimport sysimport base64import tempfilefrom sc_filter import emulatedef main(): encoded = input(&quo...