Security – ExploitNetworking

Jendy’s
Gallery

Jendy’s

Daniele Scanu2019-03-11T15:25:41+00:00

Hey guys, welcome back on Exploitnetoworking! Today we will see the writeup of the binary exploitation challenge Jendy’s by UTCTF. This challenge is an hard pwn binary, that for exploit it, you must use two technics, the first step is manage the heap for obtain an arbitrary free and the second step is use a format string for obtain a write what where.

Jendy’sDaniele Scanu2019-03-11T15:25:41+00:00

PHP Unserialization 35c3ctf
Gallery

PHP Unserialization 35c3ctf

Daniele Scanu2018-12-29T17:10:09+00:00

Welcome back on Exploitnetworking! Today we’ll see an interesting writeup of 35c3ctf ctf for a challenge with an unserialize that permit you to obtain an object injection. The challenge gave us the vulnerable source code: From code we can see that for obtain the flag we need to trigger [...]

PHP Unserialization 35c3ctfDaniele Scanu2018-12-29T17:10:09+00:00

[HTB] Sunday
Gallery

[HTB] Sunday

Daniele Scanu2018-10-01T09:23:08+00:00

Welcome back on Exploitnetworking! Today we’ll see the writeup of Hack The Box Sunday machine. This box was been really easy because with a simple nmap and with some enumerations you can enter in server, after that with some tricks you can get root user.

[HTB] SundayDaniele Scanu2018-10-01T09:23:08+00:00

Alienise
Gallery

Alienise

Daniele Scanu2018-09-15T10:24:01+00:00

Alienise was a web challenge of SECT CTF 2018, where you abuse of a nginx misconfiguration for get the flag.

AlieniseDaniele Scanu2018-09-15T10:24:01+00:00

Puppetmatryoshka
Gallery

Puppetmatryoshka

Daniele Scanu2018-09-14T14:06:13+00:00

Welcome back on Exploitnetworking! Puppetmatryoshka was a misc challenge of SECT CTF 2018 where it was necessary inspect a pcap file.

PuppetmatryoshkaDaniele Scanu2018-09-14T14:06:13+00:00

PingPong
Gallery

PingPong

Daniele Scanu2018-09-14T14:04:41+00:00

Welcome back on Exploitnetworking! PingPong was a pwn challenge of SECT CTF 2018, based on buffer overflow. The main goal was use an overflow to leak the memory addresses of remote libc (for bypass aslr) and then create a ropchain for spawn a shell.

PingPongDaniele Scanu2018-09-14T14:04:41+00:00

SimpleAuth
Gallery

SimpleAuth

Daniele Scanu2018-09-03T19:56:44+00:00

Welcome back on Exploitnetworking. SimpleAuth is a web challenge of TokyoWesterns CTF. The base of this challenge is manipulate the php function parse_str to bypass auth control and get the flag.

SimpleAuthDaniele Scanu2018-09-03T19:56:44+00:00

[HTB] Celestial writeup
Gallery

[HTB] Celestial writeup

Daniele Scanu2018-11-02T10:10:42+00:00

In this machine there is a nodejs service exploitable in a easy and direct way. And for privilege escalation there is a simple trick with python.

[HTB] Celestial writeupDaniele Scanu2018-11-02T10:10:42+00:00

Ron, Adi and Leonard
Gallery

Ron, Adi and Leonard

Daniele Scanu2018-08-17T21:20:40+00:00

Ron, Adi and Leonard is a funny crypto challenge, based on RSA, in particular in this challenge the exponent e is very big, then the ciphertext is vulnerable to Wiener’s attack.

Ron, Adi and LeonardDaniele Scanu2018-08-17T21:20:40+00:00

Diversity
Gallery

Diversity

Daniele Scanu2018-08-17T21:19:18+00:00

This challenge was a very simple crypto, there was a file called “ciphertext.txt” with some values in hexadecimal, binary, decimal and octal

DiversityDaniele Scanu2018-08-17T21:19:18+00:00