Janet is a functional and imperative programming language. The entire language (core library, interpreter, compiler, assembler, PEG) is less than 1MB. Last weekend I played the UMassCTF 2021 (with d4rkc0de). The CTF had a couple of Sandbox bypass challenges on Janet REPL v1.1. In both the challenges we are given…


ROP, or return-oriented programming, is an exploit technique usually used against buffer overflow vulnerabilities in programs running with exploit mitigations such as NX, ASLR, RELRO, etc.

There are a lot of different ROP chain techniques, a couple of them include:

  1. ret2libc: jump directly to a libc address such as `system`.


The recent zer0pts CTF 2021 had a reversing challenge, infected, in the reversing/warmup category [96 pts].

The backdoor is installed on this machine: nc others.ctf.zer0pts.com 11011 or nc any.ctf.zer0pts.com 11011

How can I use it to get the flag in /root directory?

author:ptr-yudai

infected_bf473725549e7b89f972756fef2936aa.tar.gz

Let's try to load the program…


With the advent of tools like AuditD, SECCOMP and SELinux, we have rules to disable a list of Linux syscalls using a blacklist mechanism. These can be used to strengthen the security of the infrastructure but shouldn’t be trusted blindly. …


AeroCTF had a category of challenges revolving around PICs. A PIC code dump is given for us to analyze and extract the flag from. The ROM dump is provided as a hex file, Beginning.hex, along with a schematic:

Schematic


The challenge is a flag-checking service written in WebAssembly. The flag must be in the format hxp{…}. Our goal is to guess the correct flag. I hosted the challenge on my local setup; I used Nginx and made sure .wasm files are served with the correct MIME type.

xmas_future

by benediktwerner

Most people…


Hacking a web application using magic files, sqlite3 injection and finally RCE.

Finally (again), a minimalistic, open-source file hosting solution.

file magician-3ace41f3b0282a70.tar.xz (2.1 KiB)

http://78.47.152.131:8000/

The challenge is very minimalistic, and it took me quite a while to figure out, as the vulnerability is not apparent at first glance.


Hey! We have found this old cartridge under a desk in the library of Lapland. It appears to be for a system called “Emu 2.0”, made back in 1978. These systems don’t get produced anymore, and we can’t seem to find anyone that owns one.

Thankfully we have the…


A wild backdoor has appeared. Press 1 to ptrace :D

While going through some vulnerable servers I was able to find a backdoor that is only 249 bytes long. The backdoor's md5sum is 93363683dcf1ccc4db296fa5fde69b71, and it is undetected on VirusTotal and other threat intelligence websites. Reversing this binary gave us…


Voldemort concealed his split soul inside 7 horcruxes.
Find all horcruxes, and ROP it!
author: jiwon choi

ssh horcruxes@pwnable.kr -p2222 (pw:guest)

Horcruxes

Horcruxes is a 32-bit ELF binary that initializes 7 of Voldemort's horcruxes in memory. …

Aneesh Dogra

Always been a tinkerer! Started coding in 2008 (when I was in 8th grade). Fell in love with x86 assembly, C and Linux: manipulation of memory and getting RCE.
