CodeBlue CTF 2017 PWN NOMAMESTILL Write-up


This is a pwn challenge from CodeBlue CTF. As part of my tutorial plan, I use this one as an example of the House of Force technique.


Exploit Tutorial Plan フラグが立った


Since my CTF teammate has asked me to give a tutorial on writing exploits, I decided to write this post as a working plan. From my perspective, how to write an exploit is a huge topic, and it is impossible to cover every aspect of it in a single post. So I am writing this post to outline what will be covered in my tutorial and to push myself to write the following posts.

Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM


This week I found that CodeBlue CTF uses VTV as a pwn challenge, so I decided to take notes on this paper, presented at USENIX 2014. I will give a write-up on the pwn challenge some time later. In this paper, the authors propose two CFI mechanisms: Virtual Table Verification (VTV) for GCC and Indirect Function Call Check (IFCC) for LLVM. Both aim to verify the validity of indirect forward-edge targets.

Analysis on CVE-2013-2551


This vulnerability is an integer overflow, involving a signed comparison between a signed integer and an unsigned integer that results in an out-of-bounds read. Analyses of the root cause are already available online [2][3], but they say little about how the root cause was located in the binary starting from zero knowledge. In this post, I hope to log how I located the root cause of the vulnerability starting from the crash. The post may therefore look tedious, but I will try to demonstrate every step I take in my analysis.

GOOGLE CTF 2017 Qualification PWN CFI Write-up


Solves: 5, Points: 420

Last week I introduced PICFI (Per-Input Control Flow Integrity) and its implementation; in this post I will give a detailed write-up of my solution to this challenge. Angelboy has posted his write-up on GitHub [1], so my post will focus more on the details of PICFI and how I wrote the final exploit.