RPISEC/MBE: writeup lab04 (Format Strings)

In the last lab, which writeup can be found here, we used publicly available shellcodes as well as shellcodes we had to write on our own, in order to exploit the provided binaries. In this writeup we proceed with the next lab, which focuses on the subject of Format Strings.

As usual there are three levels ranging from C to A:
–> lab4C
–> lab4B
–> lab4A

Continue reading “RPISEC/MBE: writeup lab04 (Format Strings)”

RPISEC/MBE: writeup lab03 (Shellcoding)

The last writeup for RPISEC/MBE lab02 dealt with the subject of Memory Corruption. We used different buffer-overflow vulnerabilities to execute a predefined function shell, which kindly spawned a shell for us. In real life there usually isn’t such a function, we can simply call. Thus we have to inject our own code. Accordingly the next lab described in this writeup brings up the topic of Shellcoding.

Yet again there are three levels ranging from C to A:
–> lab3C
–> lab3B
–> lab3A

Continue reading “RPISEC/MBE: writeup lab03 (Shellcoding)”

RPISEC/MBE: writeup lab01 (Reverse Engineering)

RPISEC is the resident computer security club at Rensselaer Polytechnic Institute. They developed a university course to teach skills in vulnerability research, reverse engineering and binary exploitation. The course material can be found on github including a detailed explanation on how to run the provided VM: https://github.com/RPISEC/MBE.

This article contains my writeup for the first lab (lab01). The lab’s topic is Reverse Engineering and it consists of the following levels:
–> lab1C
–> lab1B
–> lab1A

Continue reading “RPISEC/MBE: writeup lab01 (Reverse Engineering)”

HACKvent17 writeup

As every year hacking-lab.com carried out the annual HACKvent challenge. Each day from the 1st of december until the 24th a new challenge is published. The difficulty raises from day to day. After all I managed to solve 20 of 24 tasks:

Day 01: 5th anniversary
Day 02: Wishlist
Day 03: Strange Logcat Entry
Day 04: HoHoHo
Day 05: Only one hint
Day 06: Santa’s journey
Day 07: i know …
Day 08: True 1337s
Day 09: JSONion
Day 10: Just play the game
Day 11: Crypt-o-Math 2.0
Day 12: giftlogistics
Day 13: muffin_asm
Day 14: Happy Cryptmas
Day 15: Unsafe Gallery
Day 16: Try to escape …
Day 17: Portable NotExecutable
Day 18: I want to play a Game (Reloaded)
Day 19: Cryptolocker Ransomware
Day 20: linux malware
Day 21: tamagotchi
Day 22: frozen flag
Day 23: only perl can parse Perl
Day 24: Chatterbox

Continue reading “HACKvent17 writeup”