mailman mailman (423 pts) - 31 solves by Eth007 Description I’m sure that my post office is 100% secure! It uses some of the latest software, unlike some of the other post offices out there…Flag is in ./flag.txt. Attachmentshttps://imaginaryctf.org/r/PIxtO#vuln https://imaginaryctf.org/r/c9Mk8#libc.so.6 nc mailman.chal.imaginaryctf.org 1337 mailman is a heap challenge I did for the ImaginaryCTF 2023 event. It was a basic heap challenge involving tcache poisoning, safe-linking and secc...

Write me a book Write me a Book349 Give back to the library! Share your thoughts and experiences! The flag can be found in /flag Elma nc 34.124.157.94 12346 Write me a book is a heap challenge I did during the Grey Cat The Flag 2023 Qualifiers. You can find the tasks and the exploit here. TL;DRTo manage to read the flag we have to: create overlapping chunks due to an oob write vulnerability in rewrite_books tcache poisoning thanks to the overlapping chunks Overwrite the first entry...

cs2101cs2101 is shellcoding / unicorn sandbox escape challenge I did during the HackTM finals. What we haveThe challenge is splitted into three file: the server, the unicorn callback based checker and the final C program that runs the shellcode without any restrictions. Let’s take a look at the server: 1234567891011121314151617181920212223242526272829303132#!/usr/bin/env python3import osimport sysimport base64import tempfilefrom sc_filter import emulatedef main(): encoded = input(&quo...

chip8 Solves: 24 Easy I just found a repo of a chip-8 emulator, it may be vulnerable but I didn’t had enough time to report the vulnerability with a working PoC.You must find a way to get the flag in memory on the remote service ! Author: Express#8049 Remote service at : nc 51.254.39.184 1337 chip8 is a emulator-pwn challenge I did during the pwnme CTF . You can find the related files here. Code reviewThis challenge is based on an emulator called c8emu that is updated with these lines of co...