989 words
window-of-opportunity
window-of-opportunity (490 pts) - 11 solves by Eth007
Description: Sometimes, there is a glimmer of hope, a spark of inspiration, a window of opportunity.
Attachments: https://imaginaryctf.org/r/izYM0#opportunity_dist.zip
nc window-of-opportunity.chal.imaginaryctf.org 1337
window-of-opportunity is a kernel exploitation challenge I did for the ImaginaryCTF 2023. We are given an arbitrary read primitive (and a stack buffer overflow but I didn’t use it), and the goal is basi...
pwn
2.3k words
mailman
mailman (423 pts) - 31 solves by Eth007
Description: I’m sure that my post office is 100% secure! It uses some of the latest software, unlike some of the other post offices out there… Flag is in ./flag.txt.
Attachments: https://imaginaryctf.org/r/PIxtO#vuln https://imaginaryctf.org/r/c9Mk8#libc.so.6
nc mailman.chal.imaginaryctf.org 1337
mailman is a heap challenge I did for the ImaginaryCTF 2023 event. It was a basic heap challenge involving tcache poisoning, safe-linking and secc...
pwn
3k words
Write me a book
Write me a Book 349
Give back to the library! Share your thoughts and experiences! The flag can be found in /flag
Elma
nc 34.124.157.94 12346
Write me a book is a heap challenge I did during the Grey Cat The Flag 2023 Qualifiers. You can find the tasks and the exploit here.
TL;DR
To manage to read the flag we have to:
create overlapping chunks due to an oob write vulnerability in rewrite_books
tcache poisoning thanks to the overlapping chunks
Overwrite the first entry...
Uncategorized
1.3k words
cs2101
cs2101 is a shellcoding / unicorn sandbox escape challenge I did during the HackTM finals.
What we have
The challenge is split into three files: the server, the unicorn callback based checker and the final C program that runs the shellcode without any restrictions. Let’s take a look at the server:
#!/usr/bin/env python3
import os
import sys
import base64
import tempfile
from sc_filter import emulate

def main():
    encoded = input("...