Uncategorized
1.3k words
cs2101. cs2101 is a shellcoding / unicorn sandbox escape challenge I did during the HackTM finals. What we have: The challenge is split into three files: the server, the unicorn callback-based checker and the final C program that runs the shellcode without any restrictions. Let's take a look at the server: #!/usr/bin/env python3 import os import sys import base64 import tempfile from sc_filter import emulate def main(): encoded = input(&quo...
pwn
1.5k words
chip8 Solves: 24 Easy I just found a repo of a chip-8 emulator, it may be vulnerable but I didn't have enough time to report the vulnerability with a working PoC. You must find a way to get the flag in memory on the remote service! Author: Express#8049 Remote service at: nc 51.254.39.184 1337 chip8 is an emulator-pwn challenge I did during the pwnme CTF. You can find the related files here. Code review: This challenge is based on an emulator called c8emu that is updated with these lines of co...
pwn
2.6k words
Heap-Hop Solves: 31 Medium Heap exploitation is cool, and the best is when no free is used. Try to pwn the challenge and get the flag remotely. Note: You must spawn an instance to solve this challenge. You can connect to it with netcat: nc IP PORT Author: Express#8049 Remote service at: nc 51.254.39.184 1336 Heap-hop is a heap exploitation challenge I did during the pwnme CTF. It involved classic tricks like tcache poisoning and GOT hijacking. You can find the related files here. TL...
pwn
3.7k words
Introduction: File streams are now a very common attack surface; here is a high-level introduction that should help you understand the design of known attacks beyond reading the code of a particular function. I already talked about FSOP here. This article reviews glibc 2.36. Most of this article comes from this awesome series of articles about the _IO_FILE structure. Global design: As said in my previous writeup: Basically on Linux "everything is a file", from the character device to any stream...