A few days ago, I happened to know that this is a simplified version of Keen Team’s exploit on Hua Wei baseband. Therefore, I decide to take this as a practice for ARM exploitation. This post is based on the write-up from 217 and KeenTeam. I will add more reversing engineering details in this post.
Continue reading “0CTF2018 Qual MightyDragon PWN Write-up”
This is a very interesting challenge. Generally speaking, this is not a very hard challenge because its vulnerability is very obvious. However, this challenge is not that easy to exploit. First of all, the logic of the programme is very complicated and hard to reverse. Secondly, the exploitation involves multiple exploitation tricks in the end. Thirdly, the exploitation involves many double-to-integer conversion. Continue reading “MeePwnCTF 2018 Qual Pwn Coin Write-up”
As an enthusiast badminton player, I decide to add a cover page for this write-up. As a CTF player, I think it’s necessary to write a wp for this challenge. This challenge is not hard after reading the write-up given on . But I think there are still a lot of things to learn in the field of web security.
Continue reading “MeePwnCTF 2018 Qual Web+PWN 0xBADMINTON Write-up”
It is the only middle score challenge I solve in MeePwn CTF this time. The challenge is a routine menu challenge. The annoying part of this challenge is the complexity of malloc/free operation in each operation in this challenge. I think my exploit make things complicated again , I think it is necessary to record my thoughts during the exploitation.
Continue reading “MeePwnCTF 2018 Qual PWN House-of-Cards Write-up”
After my tutorial on seccomp, thanks for Google CTF for providing such good challenges to learn something new about seccomp escape. Since I was unable to play in Google CTF in time. I think it is necessary to record the challenges.
This post will give the write-up for the execve-sandbox in GoogleCTF. And my write-up is based on  and . Continue reading “GoogleCTF 2018 Qual PWN EXECVE-Sandbox Write-up”
This challenge implements a simplified version of VTint in the binary file. Therefore, this is a good example to introduce vtable reuse attack.
Continue reading “BCTF 2015 PWN Zhongguancun Write-up”
This post will include the two write-ups on Linux pwn challenges:cocacola, gruffybear.
Continue reading “CrossCTF 2018 Final PWN Write-up Collection”