Shellcode, Buffer Overflow and Return Oriented Programming

20171227001

Introduction

In this post, I will briefly introduce shellcode, buffer overflows and return-oriented programming.

Advanced Heap Exploitation: House of Mind & House of Orange

Featherine

Introduction

In this post, I will introduce the exploitation techniques House of Mind and House of Orange. I will use sample code similar to the sample code given in [1] to demonstrate House of Orange. For House of Mind, I will try to give a detailed explanation based on source code and debugging info. House of Mind was considered a dead technique in heap exploitation in the past. However, File Stream Oriented Programming (FSOP) has brought this technique back to life.

HITCON 2017 CTF Quals Ghost in The Heap

Introduction

I think this challenge is worthy of being the last challenge in my CTF tutorial challenges. In this challenge, the author demonstrates the art of manoeuvring ptmalloc chunks. Under strict limitations on the number and size of available chunks, it is still possible to create overlapping chunks in the end. Besides this, the FSOP (File Stream Oriented Programming) used in this challenge brings many dead techniques back to life.
I wrote my exploit following the instructions in [1]. In this post, I will try to give more details on the heap manipulation. More detail on FSOP will be given in my tutorial lectures.

0CTF 2016 Quals PWN Zerostorage Write-up

Introduction

This challenge is a perfect example to demonstrate the unsorted bin attack. Unlike HITCON 2016 House of Orange, there are not so many limitations on the attacker, so we are given more freedom in manipulating the heap and preparing memory. Unlike House of Orange, there seems to be another, much more straightforward solution in [1]. In this post, I will provide an exploitation plan different from [1], based on the unsorted bin attack.

HITCON 2016 CTF Quals House-of-Orange Write-up

Introduction

The author of this challenge presents us with some awesome exploitation techniques in libc. Technically, this challenge involves two tricks in heap exploitation. One is House of Orange, which enables an attacker to trigger _int_free even if there is no available free function. The other is File Stream Oriented Programming, an advanced exploitation technique on the FILE structure. Since a more advanced FSOP was proposed in HITCON 2017 CTF Quals, in this post I will mainly discuss House of Orange and only mention FSOP briefly.