Feb
26

CodeGate 2012 Quals Vuln500 Write-up

1.234.41.7:22 ID : yesMan PWD : ohyeah123 Download vulnerable binary. Vuln500 was a hardened format-string vuln with ASLR, NX-stack, no-DTORs, RO .dynamic

Feb
13

IFSF CTF 2012 #9 – X97

SSH : 208.64.122.235 guest:guest binary Category: exploitation Summary: format string bug, ASLR and NX

Apr
26

PlaidCTF 2011 #20 – C++ upgrade (300)

Category: pwnables They have an update for the vulnerable C++ program trying to fix the bug. However, the coders at AED suck and introduced another stupid mistake. Get a shell (and the key, too.) ssh username@a5.amalgamated.biz Username: cpp2_1 Password: zKQaKrdFPSsT6j03XSt31NaT0H Summary: tricky overflow class’ method and exec’ing symlinks binary

Apr
26

PlaidCTF 2011 #17 – C++5x (300)

Category: pwnables AED decided to use C++ to develop their internal tools. However, they seem to make a mistake one of their new C++ programs. Exploit and get the key! ssh username@a5.amalgamated.biz Username: cpp1_1 Password: IwKheuEHvR1jYXmjIYz8bo8FFe1h8 Summary: tricky overflow class’ method and exec’ing symlinks binary

Apr
26

PlaidCTF 2011 #25 – PC Rogue (600)

Category: pwnables Amalgamated has banned the use of Solitaire due to loss of productivity. The only employee who would write a new game for everyone only likes ‘retro’ games, and has placed a text-adventure version of pacman on a company server. We don’t believe he could have coded this securely, and the server contains a… Continue reading »

Mar
09

Codegate CTF 2011 Vuln 300

This challenge was an exploitation of suid binary. binary Summary: ROPing buffer overflow with NX and ASLR

Oct
30

Hack.lu 2010 CTF Challenge #19 Writeup

Magicwall (400) Captain Hook found the following link after looting his last frigate. He heard that the file flag on this system is worth 400 coins. Give him this file and he will reward you! ssh: pirates.fluxfingers.net:7022 user: ctf password: ctf In the box, there was a suid executable, which we were to compromise to… Continue reading »