angstromCTF 2018 – writeup hellcode

The angstromCTF 2018 (ctftime.org) ran from 16/03/2018, 20:00 UTC to 23/03/2018 00:00 UTC.

As the description on ctftime.org states, the ctf is primarily geared towards high school students but with a very wide range of challenge difficulty.

There have been a lot of interesting challenges which have been fun to do. I decided to make a writeup for the pwn challenge hellcode.

Continue reading “angstromCTF 2018 – writeup hellcode”

RPISEC/MBE: writeup lab04 (Format Strings)

In the last lab, which writeup can be found here, we used publicly available shellcodes as well as shellcodes we had to write on our own, in order to exploit the provided binaries. In this writeup we proceed with the next lab, which focuses on the subject of Format Strings.

As usual there are three levels ranging from C to A:
–> lab4C
–> lab4B
–> lab4A

Continue reading “RPISEC/MBE: writeup lab04 (Format Strings)”

RPISEC/MBE: writeup lab03 (Shellcoding)

The last writeup for RPISEC/MBE lab02 dealt with the subject of Memory Corruption. We used different buffer-overflow vulnerabilities to execute a predefined function shell, which kindly spawned a shell for us. In real life there usually isn’t such a function, we can simply call. Thus we have to inject our own code. Accordingly the next lab described in this writeup brings up the topic of Shellcoding.

Yet again there are three levels ranging from C to A:
–> lab3C
–> lab3B
–> lab3A

Continue reading “RPISEC/MBE: writeup lab03 (Shellcoding)”