Hacky Easter 2021 writeup

HackyEaster was awesome again. From a technical point of view there weren’t too much new things, but the creativity of the provided challenges made it really fun. Including the little teaser challenge there were a total amount of 37 challenges. These challenges were divided into different levels. You could only proceed to the next level, if you have earned enough points in the current level. I really liked that new idea.

HE21.00 Teaser Challenge HE21.01 Intro HE21.02 Basement Cat HE21.03 Easy One HE21.04 Beehive HE21.05 Unicorn HE21.06 Mystical Symbols HE21.07 Caesar’s Meme HE21.08 Sunshine HE21.09 Cafe Shop HE21.10 Ghost in a Shell 1 HE21.11 Hidden HE21.12 Ansi Art HE21.13 No No No HE21.14 Haxxor what? HE21.15 Social Checker HE21.16 LOTL HE21.17 Digizzled HE21.18 Bunny Beat HE21.19 😈 HE21.20 Run Me, Baby! HE21.21 Memeory 3.0 – The Final HE21.22 46 Apes HE21.23 Eggcryptor HE21.24 Tacocat HE21.25 Lots of JWTs HE21.26 Lost HE21.27 Ghost in a Shell 2 HE21.28 Haxxor what 2? HE21.29 Sailor’s Knot HE21.30 Pix FX HE21.31 Hunny Bunny HE21.32 Two Yolks HE21.33 Finding Mnemo HE21.34 The Five Seasons HE21.35 The Snake HE21.36 Doldrums

Continue reading “Hacky Easter 2021 writeup”

HACKvent20 writeup

This year’s HACKvent hosted on competition.hacking-lab.com has been as great as every year.
There was a total amount of 28 awesome challenges with varying difficulties.
HV20.(-1) Twelve steps of christmas
HV20.01 Happy HACKvent 2020
HV20.02 Chinese Animals
HV20.03 Packed gifts
HV20.04 Br❤celet
HV20.05 Image DNA
HV20.13 Twelve steps of christmas
HV20.14 Santa’s Special GIFt
HV20.15 Man Commands, Server Lost
HV20.16 Naughty Rudolph
HV20.17 Santa’s Gift Factory Control
HV20.18 Santa’s lost home
HV20.19 Docker Linter Service
HV20.06 Twelve steps of christmas
HV20.07 Bad morals
HV20.08 The game
HV20.09 Santa’s Gingerbread Factory
HV20.10 Be patient with the adjacent
HV20.11 Chris’mas carol
HV20.12 Wiener waltz
HV20.20 Twelve steps of Christmas
HV20.21 Threatened Cat
HV20.22 Padawanlock
HV20.23 Those who make backups are cowards!
HV20.24 Santa’s Secure Data Storage
HV20.H1 It’s a secret!
HV20.H2 Oh, another secret!
HV20.H3 Hidden in Plain Sight
Continue reading “HACKvent20 writeup”

ALLES! CTF 2020 – Actual ASLR 1/2

The ALLES! CTF (ctftime.org) took place from 04/09/2020, 16:00 UTC to 06/09/2020, 19:00 UTC with a variety of interesting, creative challenges.

Within this article I want to share my writeup on the two challenges Actual ASLR 1 and 2, which were authored by LiveOverflow. What I especially liked about the challenge(s) is that you could make progression step by step even getting a first flag on the way to a full shell, which grants access to the second flag.

The article is divided into the following sections:

Actual ASLR 1
    – Binary
    – Random Algorithm
    – Reimplementation In Python
    – First Flag

Actual ASLR 2
    – Custom Heap
    – Vulnerability
    – Heap Leak
    – Image Base Leak
    – Overwriting Function Pointer
    – Final Exploit


Continue reading “ALLES! CTF 2020 – Actual ASLR 1/2”

Hack The Box – Rope

This article contains my writeup on the machine Rope from Hack The Box. I really enjoyed the box, since it provides a total of three custom binaries, which are supposed to be exploited 🙂

The article is divided into the following parts:

User
    – Initial Recon
    – httpserver
    – Leak Memory Address
    – Exploit Format String Vulnerability
    – Escalating from john to r4j (readlogs)

Root
    – Local Recon
    – contact
    – Bruteforce
    – Libc Leak
    – Final Exploit

Continue reading “Hack The Box – Rope”

Hacky Easter 2019 writeup

As every year hacking-lab.com carried out the annual Hacky Easter event with 27 challenges. As usual the variety of the challenges was awesome. I actually got full score this year 🙂 Many thanks to daubsi, who gave me a nudge once in a while on the last challenges (you can find his writeup here).
Easy
01 Twisted
02 Just Watch
03 Sloppy Encryption
04 Disco 2
05 Call for Papers
06 Dots
07 Shell we Argument
08 Modern Art
09 rorriM rorriM
Medium
10 Stackunderflow
11 Memeory 2.0
12 Decrypt0r
13 Symphony in HEX
14 White Box
15 Seen in Steem
16 Every-Thing
17 New Egg Design
18 Egg Storage
Hard
19 CoUmpact DiAsc
20 Scrambled Egg
21 The Hunt: Misty Jungle
22 The Hunt: Muddy Quagmire
23 The Maze
24 CAPTEG
Hidden
25 Hidden Egg #1
26 Hidden Egg #2
27 Hidden Egg #3
Continue reading “Hacky Easter 2019 writeup”

nullcon HackIM 2019 – babypwn

The nullcon HackIM 2019 CTF (ctftime.org) ran from 01/02/2019, 16:30 UTC to 03/02/2019 04:30 UTC.

I did the pwn challenge babypwn, which was really fun to do. The following article contains my writeup being divided into the following sections:

Challenge description
Security mechanisms and disassembly
Signedness vulnerabilitiy
Format string vulnerabilitiy
Final exploit

Continue reading “nullcon HackIM 2019 – babypwn”

Heap Exploitation: Off-By-One / Poison Null Byte

The goal of this article is to explain in detail how an off-by-one vulnerability on the heap also known as poison null byte can be exploited. Although this technique does not work with the latest libc, I think it can be used very good in order to demonstrate how exploits based on heap-metadata corruption work (also check out shellphish’s how2heap).

In order to do this I created a vulnerable program, which we will use as an example to create such an exploit. If you like to, you can start by analyzing and exploiting the program on your own (at least check out Environment):

–> heap.zip

Though it is not required to the exploit the program, the source-code might be helpful:

–> heap.c

The article is divided into the following sections:

–> Environment
–> Vulnerable Program
–> Heap Basics
–> Libc-Leak
–> Control Instruction Pointer
–> One Gadget
–> Final Exploit

Continue reading “Heap Exploitation: Off-By-One / Poison Null Byte”

Hacky Easter 2018 writeup

As every year hacking-lab.com carried out the annual Hacky Easter event with 27 challenges. I could not spend as much time as I would have liked to on solving the challenges, but after all I managed to collect 25 of the 27 eggs and focused on this writeup.
Easy
01 Prison Break
02 Babylon
03 Pony Coder
04 Memeory
05 Sloppy & Paste (mobile)
06 Cooking for Hackers
07 Jigsaw
08 Disco Egg
09 Dial Trial (mobile)
Medium
10 Level Two
11 De Egg you must (not solved)
12 Patience (mobile)
13 Sagittarius…
14 Same same…
15 Manila greetings
16 git cloak –hard
17 Space Invaders
18 Egg Factory
Hard
19 Virtual Hen
20 Artist: No Name Yet (not solved)
21 Hot Dog
22 Block Jane
23 Rapbid Learning
24 ELF
Hidden
25 Hidden Egg #1
26 Hidden Egg #2
27 Hidden Egg #3

Continue reading “Hacky Easter 2018 writeup”

angstromCTF 2018 – writeup hellcode

The angstromCTF 2018 (ctftime.org) ran from 16/03/2018, 20:00 UTC to 23/03/2018 00:00 UTC.

As the description on ctftime.org states, the ctf is primarily geared towards high school students but with a very wide range of challenge difficulty.

There have been a lot of interesting challenges which have been fun to do. I decided to make a writeup for the pwn challenge hellcode.

Continue reading “angstromCTF 2018 – writeup hellcode”