SSH : 208.64.122.235 guest:guest binary Category: exploitation Summary: format string bug, ASLR and NX
Tag: exploit
Sep 21
hack.lu CTF 2011 Antique Space Shuttle (300)
Category: exploiting Your command is to get as much information about the crew of an antique space shuttle. We know our acient father used finger as reference point at nc ctf.hack.lu 2003 Summary: bash injection, and buffer overflow on a suid binary to get more privilegies
Jun 09
Defcon CTF Quals 2011 – Retro 400
This challenge was on remote exploiting. The binary is for FreeBSD. The program is some kind of a Virtual Machine, with it’s own stack and memory. binary Summary: memory address check mistake, write shellcode and overwrite _exit function pointer
Jun 07
Defcon CTF Quals 2011 – Pwnables 100
This challenge was on remote exploiting. The binary is for FreeBSD. binary Summary: buffer overflow, jump to shellcode (bruteforce address)
Jun 06
Defcon CTF Quals 2011 – Pwnables 200
This challenge was on remote exploiting. The binary is for SunOS (Solaris). binary Summary: shellcoding challenge
Jun 06
Defcon CTF Quals 2011 – Pwnables 400
This challenge was on remote exploiting. The binary is for Linux, statically linked and stripped. binary Summary: overflow, ROP for execve(“/bin/sh”)
Apr 27
PlaidCTF 2011 #23 – Exploit Me :p (200)
Category: pwnables It seems like AED also has some plans to raise hacker force! We found this binary as an exploitation practice program in the office, but they forgot to remove the setgid flag on the program. So we can get the secret key! ssh username@a5.amalgamated.biz Username: exp_1 Password: jNKpzFuRLpsIW9xzqNIpCVF1 Summary: .dynamic->FINI overwriting, execl symlink …
Apr 27
PlaidCTF 2011 #19 – Another small bug (250)
Category: pwnables This time, let’s attack /opt/pctf/z2/exploitme. ssh username@a5.amalgamated.biz Username: z2_1 Password: 29rpJinvpwoI7pzdufQc4h6edzvyh Summary: buffer overflow, static binary binary
Apr 27
PlaidCTF 2011 #18 – A small bug (250)
Category: pwnables Get access to the key using /opt/pctf/z1/exploitme. ssh username@a5.amalgamated.biz Username: z1_1 Password: GwB4eivw9NTvCjmobw1EnuyqcWfJs Summary: race condition, create a symlink before the file is opened binary
Apr 26
PlaidCTF 2011 #20 – C++ upgrade (300)
Category: pwnables They have an update for the vulnerable C++ program trying to fix the bug. However, the coders at AED suck and introduced another stupid mistake. Get a shell (and the key, too.) ssh username@a5.amalgamated.biz Username: cpp2_1 Password: zKQaKrdFPSsT6j03XSt31NaT0H Summary: tricky overflow class’ method and exec’ing symlinks binary
Apr 26
PlaidCTF 2011 #17 – C++5x (300)
Category: pwnables AED decided to use C++ to develop their internal tools. However, they seem to make a mistake one of their new C++ programs. Exploit and get the key! ssh username@a5.amalgamated.biz Username: cpp1_1 Password: IwKheuEHvR1jYXmjIYz8bo8FFe1h8 Summary: tricky overflow class’ method and exec’ing symlinks binary
Apr 26
PlaidCTF 2011 #25 – PC Rogue (600)
Category: pwnables Amalgamated has banned the use of Solitaire due to loss of productivity. The only employee who would write a new game for everyone only likes ‘retro’ games, and has placed a text-adventure version of pacman on a company server. We don’t believe he could have coded this securely, and the server contains a …
Mar 09
Codegate CTF 2011 Vuln 300
This challenge was an exploitation of suid binary. binary Summary: ROPing buffer overflow with NX and ASLR