This blogpost is related to a nice Android reverse engineering challenge: RTCP TRIVIA. The challenge description was: "We now have our very own trivia app! Solve 1000 questions and win a flag!". Ok, try to do it 😉.
Broze ropchain is a simple pwn challenge with a 32 bit binary. The first step is to check the protection of the binary with checksec util:
Srnr is a binary exploitation challenge of redpwn ctf. Running checksec, we can see that there are only Full RELRO and NX protections, but any canary value.
Hey guys, welcome back on Exploitnetoworking! Today we will see the writeup of the binary exploitation challenge Jendy’s by UTCTF. This challenge is an hard pwn binary, that for exploit it, you must use two technics, the first step is manage the heap for obtain an arbitrary free and the second step is use a format string for obtain a write what where.
Welcome back on Exploitnetworking! Today we’ll see an interesting writeup of 35c3ctf ctf for a challenge with an unserialize that permit you to obtain an object injection. The challenge gave us the vulnerable source code: From code we can see that for obtain the flag we need to trigger [...]
Welcome back on Exploitnetworking! Today we’ll see the writeup of Hack The Box Sunday machine. This box was been really easy because with a simple nmap and with some enumerations you can enter in server, after that with some tricks you can get root user.
Alienise was a web challenge of SECT CTF 2018, where you abuse of a nginx misconfiguration for get the flag.
Welcome back on Exploitnetworking! Puppetmatryoshka was a misc challenge of SECT CTF 2018 where it was necessary inspect a pcap file.
Welcome back on Exploitnetworking! PingPong was a pwn challenge of SECT CTF 2018, based on buffer overflow. The main goal was use an overflow to leak the memory addresses of remote libc (for bypass aslr) and then create a ropchain for spawn a shell.
Welcome back on Exploitnetworking. SimpleAuth is a web challenge of TokyoWesterns CTF. The base of this challenge is manipulate the php function parse_str to bypass auth control and get the flag.
