Shellcode, Buffer Overflow and Return Oriented Programming



In this post, I will briefly introduce shellcode, buffer overflow and return-oriented programming.

Advanced Heap Exploitation: House of Mind & House of Orange



In this post, I will introduce the exploitation techniques House of Mind and House of Orange. I will use sample code, similar to the sample code given in [1], to demonstrate House of Orange. For House of Mind, I will try to give a detailed explanation based on source code and debugging info. House of Mind was considered a dead technique in heap exploitation in the past. However, File Stream Oriented Programming (FSOP) has brought this technique back to life.

HITCON 2017 CTF Quals Ghost in The Heap


I think this challenge is worthy of being the last challenge in my CTF tutorial challenges. In this challenge, the author demonstrates the art of manoeuvring ptmalloc chunks. Under strict limitations on the number and size of available chunks, it is still possible to create overlapping chunks in the end. Besides this, the FSOP (File Stream Oriented Programming) used in this challenge brings many dead techniques back to life.
I wrote my exploit following the instructions in [1]. In this post, I will try to give more details on the heap manipulation. More detail on FSOP will be given in my tutorial lectures.

0CTF 2016 Quals PWN Zerostorage Write-up


This challenge is a perfect example to demonstrate the unsorted bin attack. Unlike HITCON 2016 House of Orange, there are not so many limitations on the attacker, so we are given more freedom in manipulating the heap and preparing memory. Unlike House of Orange, there seems to be another, much more straightforward solution in [1]. In this post, I will provide an exploitation plan different from [1], based on the unsorted bin attack.