Select Page

m0leCon CTF 2020 Teaser: BLACKY-ECHO write-up

This is a PWN challenge (149 pt, 33 solves). Those functions are many, and all of them can be used!nc challs.m0lecon.it 9011Author: @madt1m We were given the binary file: peilin@PWN:~/m0leconctf-2020/blacky-echouser@computer$ file blacky_echoblacky_echo: ELF 64-bit...

DEF CON CTF Qualifier 2020: introool write-up

This is a PWN + shellcoding challenge (135 pt, 36 solves). I solved this challenge with @ArRu. one NOP sled + two patches + three ROP gadgets => flag?introool.challenges.ooo 4242 No files are provided. Let’s nc and see what happens:...

IJCTF 2020: babyheap write-up

Playing with House of Einherjar! This is a 620pt PWN challenge. Binary and libc were given. libc version: libc6_2.23-0ubuntu10_amd64.so. peilin@PWN:~/ijctf/babyheapuser@computer$ file babyheapbabyheap: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV),...

WPICTF 2020: dont@me write-up

Note: I did not solve this challenge during the CTF. Thanks team @Srdnle for this great write-up! Also thanks @ajmalsiddiqui for the ngrok hint! dont@me (200pt PWN, 3 Solves), made by: @rm -k, fixed by: @awgtweet @JohnSmi31885382 Seems like we should @ John Smith on...

WPICTF 2020: dorsia4 write-up

dorsia4 (400pt PWN, 5 Solves), author: @awg #include<stdio.h> #include<stdlib.h> char a[69]; int i, d; void main() { char b[69] = {0}; for(;;) { printf(“%p giv i b\n”, system+765772); scanf(“%i %x”, &i, &d); if (i>69) break; a[i]...

ContrailCTF 2019: instant_httpserver write-up

Description Leaking stack canary Bypassing PIE Leaking libc base address Getting a shell Conlusion 1. Description OK so this is a 304pt PWN challenge. You can still play it here (Jan. 21th, 2020). peilin@PWN:~/contrailctf/instant_httpserveruser@computer$ file...