CrossCTF 2018 Final PWN Write-up Collection


This post will include the two write-ups on Linux pwn challenges:cocacola, gruffybear.
Continue reading “CrossCTF 2018 Final PWN Write-up Collection”


34C3 CTF PWN LFA Write-up


I did not take this challenge during the contest. But after reading the write-up of [1][2][3], I think it’s a good chance to learn about ruby and sandbox escape. According to my test on the local machine, it seems that using one_gadget to get shell is also feasible. In this post, I will talk about how to trigger the vulnerability and hijack control flow to get shell in the end.
Since this is my first time to write ruby script also my first time to write ruby escape, please forgive my ugly code XOrz.
Continue reading “34C3 CTF PWN LFA Write-up”