Introduction
This is a pwn challenge on CodeBlue CTF. As a part of my tutorial plan, I take this one as an example on House of Force technique.Read More »
Month: November 2017
TokyoWestern Qualification 2017 PWN SIMPLE NOTE1 Write-up
Introduction
This is a pwn challenge in TokyoWestern 2017. As part of my tutorial plan, I decide to have a simple write-up on this challenge.Read More »
Exploit Tutorial Plan フラグが立った
Since my CTF teammate hopes me to give a tutorial on writing exploit, I decide to write this post as a working plan. From my perspective, how to write exploit is a huge theme and it’s impossible to cover every aspect of writing exploit in one single post. So I write this post to outline what will be covered in my tutorial and urge me to write following posts.Read More »
Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM
Introduction
This week I find that Codeblue CTF takes VTV as a pwn challenge. So I decide to take a note on this paper presenting in USENIX 2014. And I will give a write-up on the pwn challenge some time later. In this paper, the author mainly proposes two CFI mechanism Virtual Table Verification (VTV) for gcc and Indirect Function Call Check (IFCC) for LLVM. Both CFI aim to verify the validity of indirect forward edge target.Read More »
Analysis on CVE-2013-2551
Introduction
This vulnerability is an integer overflow vulnerability, which involves a signed comparison between a signed integer and an unsigned integer and results in out-of-bound read. The analysis on root cause has already been available online [2][3]. But these talk few about how they locate the root cause in the binary starting from zero knowledge. In this post, I hope to log how I locate the root cause of the vulnerability starting from the crash. Therefore, the post may look tedious but I will try to demonstrate every step I take in my analysis.Read More »
GOOGLE CTF 2017 Qualification PWN CFI Write-up
Introduction
Solves: 5 Points:420
Last week, I introduce PICFI and its implementation (Per-Input Control Flow Integrity), in this post I will give a detailed write-up about my solution on this challenge. Angelboy has posted his write-up on Github [1], so my post will discuss more about the details in PICFI, and how I write the final exploit.Read More »
Analysis on CVE-2016-9793
Introduction
This is a integer overflow vulnerability in Linux Kernel. The exploit code can be found on [1]. This post will mainly discuss on the root cause of this CVE and how the exploit works in the end.Read More »
Per-Input Control Flow Integrity
Introduction
Last week, I find that Google CTF Quals take PICFI as a pwn chanllenge. Since this paper is also mentioned in The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later, I decide to take simple note no this paper and take the pwn challenge to solve.
In this paper, the author propose a more fine-grained CFI compared with conventional CFI proposed by Abadi.Read More »
TokyoWestern Qualification 2017 PWN ASCII ART Write-up
Introduction
Points: 132 Solve: 32
I did not try to solve the challenge during the competition. Recently I picked this challenge as an exercise and found that it’s actually a very interesting challenge on stack buffer overflow.Read More »
氷 菓 