Feb
26

CodeGate 2012 Quals Vuln500 Write-up

1.234.41.7:22 ID : yesMan PWD : ohyeah123 Download vulnerable binary. Vuln500 was a hardened format-string vuln with ASLR, NX-stack, no-DTORs, RO .dynamic

Feb
13

IFSF CTF 2012 #9 – X97

SSH : 208.64.122.235 guest:guest binary Category: exploitation Summary: format string bug, ASLR and NX

Apr
26

PlaidCTF 2011 #20 – C++ upgrade (300)

Category: pwnables They have an update for the vulnerable C++ program trying to fix the bug. However, the coders at AED suck and introduced another stupid mistake. Get a shell (and the key, too.) ssh username@a5.amalgamated.biz Username: cpp2_1 Password: zKQaKrdFPSsT6j03XSt31NaT0H Summary: tricky overflow class’ method and exec’ing symlinks binary

Apr
26

PlaidCTF 2011 #17 – C++5x (300)

Category: pwnables AED decided to use C++ to develop their internal tools. However, they seem to make a mistake one of their new C++ programs. Exploit and get the key! ssh username@a5.amalgamated.biz Username: cpp1_1 Password: IwKheuEHvR1jYXmjIYz8bo8FFe1h8 Summary: tricky overflow class’ method and exec’ing symlinks binary

Apr
26

PlaidCTF 2011 #25 – PC Rogue (600)

Category: pwnables Amalgamated has banned the use of Solitaire due to loss of productivity. The only employee who would write a new game for everyone only likes ‘retro’ games, and has placed a text-adventure version of pacman on a company server. We don’t believe he could have coded this securely, and the server contains a… Continue reading »

Mar
09

Codegate CTF 2011 Vuln 300

This challenge was an exploitation of suid binary. binary Summary: ROPing buffer overflow with NX and ASLR