[Breizh CTF 2022 - pwn] Faible Ty Reseau

Faible Ty Réseau is a basic heap-like challenge: it lets us create a configuration, edit it, call a function pointer on it and finally free it. Here is the decompiled main:

int __cdecl main(int argc, const char **argv, const char **envp)
{
  int v4; // [rsp+4h] [rbp-Ch] BYREF
  unsigned __int64 v5; // [rsp+8h] [rbp-8h]

  v5 = __readfsqword(0x28u);
  while ( 1 )
  {
    puts(aVousN);
    printf(a1ModifierLesPa, argv);
    fflush(stdout);
    v4 = 0;
    argv = &v4;
    __isoc99_scanf(&unk_21F3, &v4);
    switch ( v4 )
    {
      case 0:
        printf("wtf ?

[TRACS 2021 - RE] Coffre

Intro

Challenge 12-3 – Coffre: As an intern, you have access to NSB's premises. You will gather information on site. A safe is present on site, in the "salle rideau" (curtain room). It belongs to Richard Cresus de la Tune. Try to open this safe. What is the IBAN contained in the safe? Answer format: IBAN without separators.

Basically, we have to crack open an electronic safe.

[Hack.lu 2021 - pwn] Cloudinspect

CloudInspect

CloudInspect was a hypervisor exploitation challenge I did for the Hack.lu event. I didn't manage to flag it within the 48 hours :(. But anyway I hope this write-up will be interesting to read! The related files can be found right here.

After Whiterock released its trading bot cloud with special Stonks Sockets, another hedge fund, Castel, comes with some competition. The special feature here is called "cloudinspect".

[ASIS CTF QUALS 2021 - pwn] abbr & justpwnit

Hello folks! Here is a write-up for the first two pwn challenges of the ASIS CTF. You can find the related files here.

justpwnit

justpwnit was a warmup pwn challenge. It's only a basic stack overflow. The binary is statically linked and here is checksec's output:

[*] '/home/nasm/justpwnit'
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)

Moreover, the source code is provided, as is the case for all the pwn tasks!

[FCSC 2021 - pwn] Blind Date

Blind Date (489 pts)

A company wants to build an online service protecting its customers' information. Can you show them that it is not secure by reading the flag.txt file on their server? The company's managers did not want to give you either the source code of their solution or the compiled binary; they only offer you remote access to their service.

[FCSC 2021 - pwn] Itsy Mipsy router

Itsy Mipsy Router (200 pts)

Itsy Mipsy Router is a pwn challenge I did during the FCSC event. It's not a very hard challenge, but I found it very interesting because it was my first MIPS pwn challenge!

Setup

So basically we got this: You are asked to audit a router sitting at the interface between the Internet and a company's internal network. The client asks you whether it is possible to read the files stored on the machine "filer", which serves as an HTTP file server.

[UnionCTF 2021 - pwn] babyrarf

The binary can be found right here.

[UnionCTF] Babyrarf

Welcome guys, this write-up is about the first pwn challenge of UnionCTF: babyrarf. It was a really easy challenge with a stack-based buffer overflow. The source code was provided, so no need to reverse the binary :). Let's take a look at the src!

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>

typedef struct attack {
    uint64_t id;
    uint64_t dmg;
} attack;

typedef struct character {
    char name[10];
    int health;
} character;

uint8_t score;

int read_int(){
    char buf[10];
    fgets(buf, 10, stdin);
    return atoi(buf);
}

void get_shell(){
    execve("/bin/sh", NULL, NULL);
}

attack choose_attack(){
    attack a;
    int id;
    puts("Choose an attack:\n");
    puts("1.

About

I'm a French security enthusiast focused on low-level stuff, especially binary exploitation / analysis and kernel stuff. If you have any questions about what I write on my blog, feel free to DM me on Discord: nasm#1307. Doing CTFs for ret2school, + pwn / RE / kernel. Engineering student at ESIEA.