Introduction
This is my first pwn attempt on the d8 engine. I am writing this blog post to log the debugging process.
A few days ago, I happened to learn that this is a simplified version of Keen Team's exploit on the Huawei baseband. Therefore, I decided to take this as practice for ARM exploitation. This post is based on the write-ups from 217[3] and KeenTeam[4]. I will add more reverse engineering details in this post.
This is a very interesting challenge. Generally speaking, this is not a very hard challenge because its vulnerability is very obvious. However, this challenge is not that easy to exploit. First of all, the logic of the programme is very complicated and hard to reverse. Secondly, the exploitation involves multiple exploitation tricks in the end. Thirdly, the exploitation involves many double-to-integer conversions.
As an enthusiastic badminton player, I decided to add a cover page for this write-up. As a CTF player, I think it's necessary to write a wp for this challenge. This challenge is not hard after reading the write-up given in [1]. But I think there are still a lot of things to learn in the field of web security.
It is the only mid-score challenge I solved in MeePwn CTF this time. The challenge is a routine menu challenge. The annoying part of this challenge is the complexity of the malloc/free operations in each operation. I think my exploit makes things complicated again. I think it is necessary to record my thoughts during the exploitation.
After my tutorial on seccomp, thanks to Google CTF for providing such good challenges for learning something new about seccomp escape. Since I was unable to play in Google CTF in time, I think it is necessary to record the challenges.
This post will give the write-up for the execve-sandbox challenge in Google CTF. My write-up is based on [1] and [2].
This challenge implements a simplified version of VTint in the binary file. Therefore, this is a good example to introduce the vtable reuse attack.
This post will include the two write-ups on Linux pwn challenges: cocacola, gruffybear.
This post will include the write-ups of BabyPwn, EasyNote, QuietMoon and SkippingRope. I will explain them one by one.
It is just a practice heap challenge. Back in 2015, the challenge seemed difficult and there was no knowledge of one gadget to get a shell. How fast the technique evolves!