Bronze Ropchain
Daniele Scanu2020-02-24T20:10:11+02:00Broze ropchain is a simple pwn challenge with a 32 bit binary. The first step is to check the protection of the binary with checksec util:
SRNR
Daniele Scanu2020-02-24T20:10:22+02:00Srnr is a binary exploitation challenge of redpwn ctf. Running checksec, we can see that there are only Full RELRO and NX protections, but any canary value.
Jendy’s
Daniele Scanu2020-02-24T20:11:04+02:00Hey guys, welcome back on Exploitnetoworking! Today we will see the writeup of the binary exploitation challenge Jendy’s by UTCTF. This challenge is an hard pwn binary, that for exploit it, you must use two technics, the first step is manage the heap for obtain an arbitrary free and the second step is use a format string for obtain a write what where.
PingPong
Daniele Scanu2018-09-14T14:04:41+02:00Welcome back on Exploitnetworking! PingPong was a pwn challenge of SECT CTF 2018, based on buffer overflow. The main goal was use an overflow to leak the memory addresses of remote libc (for bypass aslr) and then create a ropchain for spawn a shell.
She sells sea shells
Daniele Scanu2020-02-24T21:15:23+02:00Hey guys! Here there is another writeup of a pwn of the HackCon18 ctf. The challenge She Sells Sea Shells was a very easy pwn based on buffer overflow, where you can simply put a shellcode in buffer and jump on it!
Simple yet elegent pwn
Daniele Scanu2020-02-24T21:15:38+02:00Hey guys, it’s just finished the HackCon18 ctf, let’s see the writeup of Simple Yet Elegent pwn. This pwn is based on format string vulnerability and buffer overflow, then our target is leak an address of libc with the format string (because we suppose that ASLR is enabled), and then calculate remote system for spawn a shell.
My first Arm pwn
Daniele Scanu2020-02-24T21:15:55+02:00Recently I have tried for the first time an Arm pwn, a simple program vulnerable to buffer overflow. The only difference between an Arm pwn and a “normal” binary is the assembly code, but look this for see how exploit it.