devel0pment.de – hacking, software, it-security

1. January 20194. January 2019

HACKvent18 writeup

For the sixth time in a row now hacking-lab.com carried out the annual HACKvent. Each day from the 1st of december until the 24th a new challenge is published. I would have loved to spend more time on it, but time is a rare resource especially on the days before christmas 😉 After all I managed to solve 21 of 24 tasks:

	Easy
Day 01: Just Another Bar Code Day 02: Me Day 03: Catch me Day 04: pirating like in the 90ies Day 05: OSINT 1 Day 06: Mondrian Day 07: flappy.pl
	Medium
Day 08: Advent Snail Day 09: fake xmass balls Day 10: >_ Run, Node, Run Day 11: Crypt-o-Math 3.0 Day 12: SmartWishList Day 13: flappy’s revenge Day 14: power in the shell
	Hard
Day 15: Watch Me Day 16: Pay 100 Bitcoins Day 17: Faster KEy Exchange Day 18: Be Evil Day 19: PromoCode Day 20: I want to play a game Day 21: muffinCTF (Day 1) Day 22: muffinCTF (Day 2) Day 23: muffinCTF (Day 3)
	Final
Day 24: Take the red pill, take the blue pill

Continue reading “HACKvent18 writeup”

14. August 201814. August 2018

Heap Exploitation: Off-By-One / Poison Null Byte

The goal of this article is to explain in detail how an off-by-one vulnerability on the heap also known as poison null byte can be exploited. Although this technique does not work with the latest libc, I think it can be used very good in order to demonstrate how exploits based on heap-metadata corruption work (also check out shellphish’s how2heap).

In order to do this I created a vulnerable program, which we will use as an example to create such an exploit. If you like to, you can start by analyzing and exploiting the program on your own (at least check out Environment):

–> heap.zip

Though it is not required to the exploit the program, the source-code might be helpful:

–> heap.c

The article is divided into the following sections:

–> Environment
–> Vulnerable Program
–> Heap Basics
–> Libc-Leak
–> Control Instruction Pointer
–> One Gadget
–> Final Exploit

Continue reading “Heap Exploitation: Off-By-One / Poison Null Byte”

15. July 2018

Meepwn CTF Quals 2018 – babysandbox

The Meepwn CTF Quals 2018 (ctftime.org) ran from 13/07/2018, 19:00 UTC to 15/07/2018 19:00 UTC.

There were a lot of interesting-looking challenges. As always, time was the limiting factor 😉 I managed to spend 2 hours on saturday morning solving the pwn challenge babysandbox.

Continue reading “Meepwn CTF Quals 2018 – babysandbox”

1. July 2018

Google CTF 2018 (Quals) – writeup JS safe 2.0

The qualifications for the Google Capture The Flag 2018 (ctftime.org) ran from 23/06/2018, 00:00 UTC to 24/06/2018 23:59 UTC.

The CTF was worked out very well. There have been plenty of interesting and creative challenges.

This time I decided to focus on the category web and managed to solve the challenge JS safe 2.0, which was the easiest one of the web-challenges based on the amount of solves. Nevertheless it really took my some time to dodge all the pitfalls I stumbled upon while solving the challenge.

Continue reading “Google CTF 2018 (Quals) – writeup JS safe 2.0”

22. May 2018

Hacky Easter 2018 writeup

As every year hacking-lab.com carried out the annual Hacky Easter event with 27 challenges. I could not spend as much time as I would have liked to on solving the challenges, but after all I managed to collect 25 of the 27 eggs and focused on this writeup.

	Easy
01 Prison Break 02 Babylon 03 Pony Coder 04 Memeory 05 Sloppy & Paste (mobile) 06 Cooking for Hackers 07 Jigsaw 08 Disco Egg 09 Dial Trial (mobile)
	Medium
10 Level Two 11 De Egg you must (not solved) 12 Patience (mobile) 13 Sagittarius… 14 Same same… 15 Manila greetings 16 git cloak –hard 17 Space Invaders 18 Egg Factory
	Hard
19 Virtual Hen 20 Artist: No Name Yet (not solved) 21 Hot Dog 22 Block Jane 23 Rapbid Learning 24 ELF
	Hidden
25 Hidden Egg #1 26 Hidden Egg #2 27 Hidden Egg #3

Continue reading “Hacky Easter 2018 writeup”

21. May 201822. May 2018

RCTF 2018 – writeup cpushop

The RCTF 2018 (ctftime.org) ran from 19/05/2018, 09:00 UTC to 21/05/2018 08:59 UTC.

I wrote the following writeup for the crypto challenge cpushop.

Continue reading “RCTF 2018 – writeup cpushop”

21. March 20183. January 2019

angstromCTF 2018 – writeup hellcode

The angstromCTF 2018 (ctftime.org) ran from 16/03/2018, 20:00 UTC to 23/03/2018 00:00 UTC.

As the description on ctftime.org states, the ctf is primarily geared towards high school students but with a very wide range of challenge difficulty.

There have been a lot of interesting challenges which have been fun to do. I decided to make a writeup for the pwn challenge hellcode.

Continue reading “angstromCTF 2018 – writeup hellcode”

10. March 201820. May 2018

RPISEC/MBE: writeup lab09 (C++)

In the last lab we focused on Misc and Stack Cookies. In this next to last lab some characteristics when dealing with C++ are introduced.

The lab contains only two levels:
–> lab9C
–> lab9A

Continue reading “RPISEC/MBE: writeup lab09 (C++)”

2. March 201820. May 2018

RPISEC/MBE: writeup lab08 (Misc and Stack Cookies)

While the last lab introduced the subject of Heap Exploitation, this lab focuses on Misc and Stack Cookies.

The lab contains three levels again ranging from C to A:
–> lab8C
–> lab8B
–> lab8A

Continue reading “RPISEC/MBE: writeup lab08 (Misc and Stack Cookies)”

26. February 201820. May 2018

TAMUctf 18 – writeup pwn1-5

The Texas A&M University CTF (ctftime.org) ran for over one week from 17/02/2018, 00:00 UTC to 26/02/2018 00:00 UTC. There have been a lot of challenges starting at a very easy difficulty.

I did the five pwn challenges ranging from 25 to 200 points:
–> pwn1 (25 pts)
–> pwn2 (50 pts)
–> pwn3 (75 pts)
–> pwn4 (125 pts)
–> pwn5 (200 pts)

Continue reading “TAMUctf 18 – writeup pwn1-5”