There were a lot of interesting-looking challenges. As always, time was the limiting factor 😉 I managed to spend 2 hours on saturday morning solving the pwn challenge babysandbox.
|As every year hacking-lab.com carried out the annual Hacky Easter event with 27 challenges. I could not spend as much time as I would have liked to on solving the challenges, but after all I managed to collect 25 of the 27 eggs and focused on this writeup.|
As the description on ctftime.org states, the ctf is primarily geared towards high school students but with a very wide range of challenge difficulty.
There have been a lot of interesting challenges which have been fun to do. I decided to make a writeup for the pwn challenge hellcode.
In the last lab we focused on Misc and Stack Cookies. In this next to last lab some characteristics when dealing with C++ are introduced.
While the last lab introduced the subject of Heap Exploitation, this lab focuses on Misc and Stack Cookies.
After we have introduced ASLR and ways to bypass it in the last writeup, we will expand our exploits to the Heap in this lab.
The previous lab focused on the subject of return oriented programming in order to circumvent data execution prevention. The next lab described in this writeup introduces ASLR.
Note: ASLR should be enabled by now.
In the last writeup we used different format string vulnerabilites in order to exploit the provided binaries. This writeup continues with lab05 which introduces DEP and ROP.
In the last lab, which writeup can be found here, we used publicly available shellcodes as well as shellcodes we had to write on our own, in order to exploit the provided binaries. In this writeup we proceed with the next lab, which focuses on the subject of Format Strings.