CrossCTF 2018 Qual PWN Write-up Collection


This post will include the write-up of BabyPwn, EasyNote, QuietMoon and SkippingRope. I will explain them one by one.
Continue reading “CrossCTF 2018 Qual PWN Write-up Collection”


34C3 CTF PWN LFA Write-up


I did not take this challenge during the contest. But after reading the write-up of [1][2][3], I think it’s a good chance to learn about ruby and sandbox escape. According to my test on the local machine, it seems that using one_gadget to get shell is also feasible. In this post, I will talk about how to trigger the vulnerability and hijack control flow to get shell in the end.
Since this is my first time to write ruby script also my first time to write ruby escape, please forgive my ugly code XOrz.
Continue reading “34C3 CTF PWN LFA Write-up”