Tag: symlink

hack.lu CTF 2011 Antique Space Shuttle (300)

Category: exploiting Your command is to get as much information about the crew of an antique space shuttle. We know our acient father used finger as reference point at nc ctf.hack.lu 2003 Summary: bash injection, and buffer overflow on a suid binary to get more privilegies

Continue reading

PlaidCTF 2011 #23 – Exploit Me :p (200)

Category: pwnables It seems like AED also has some plans to raise hacker force! We found this binary as an exploitation practice program in the office, but they forgot to remove the setgid flag on the program. So we can get the secret key! ssh username@a5.amalgamated.biz Username: exp_1 Password: jNKpzFuRLpsIW9xzqNIpCVF1 Summary: .dynamic->FINI overwriting, execl symlink …

Continue reading

PlaidCTF 2011 #17 – C++5x (300)

Category: pwnables AED decided to use C++ to develop their internal tools. However, they seem to make a mistake one of their new C++ programs. Exploit and get the key! ssh username@a5.amalgamated.biz Username: cpp1_1 Password: IwKheuEHvR1jYXmjIYz8bo8FFe1h8 Summary: tricky overflow class’ method and exec’ing symlinks binary

Continue reading