[SecurityFest CTF 2022] - krupt

The key to r00t is ZcZQndRX or was it DE7NUC6l? Wait, it was r2JLegUE. Eh, you’ll figure it out.

Description

This is a classic kernel challenge setup where we need to elevate our privileges to root to read the flag from a file. A few files are provided, namely the kernel image bzImage, the filesystem root.fs.gz, the kernel symbol map System.map and a run script run.sh. The run script launches a QEMU instance with the required parameters. …

[NorthSec CTF 2022] - Shellcode sandbox

I’ve been told that there’s a service running in our infrastructure used by the API team to offload part of their computations. I have a bad feeling about it! Could you take a look at it and make sure it’s safe? There’s a rumour going around that there’s confidential information in some file named flag.txt.

Description

The description of the challenge only specifies a hostname and a port, but no binary is provided. …

[Real World CTF 4th] - SVME

Professor Terence Parr has taught us how to build a virtual machine. Now it’s time to break it!

Description

The challenge links to a simple VM built by a professor at the University of San Francisco, as well as a few slides explaining the architecture. Basically, the VM implements only a couple of operations. The instructions and the operands are all encoded in 32 bits. All the calculations take place on an emulated stack, and local and global variables are available to store values. …

[DefCamp CTF 2022] - blinsight

Hunting for eggs!!

Description

This challenge was a bit special because the binary wasn’t provided! All we were given was an IP address and a port. When we connect to the service, we are greeted with a nice message.

    Are you blind my friend?

The server then reads our answer, replies with a short message and closes the connection.

    No password for you!

I tried a few inputs, but the result was always the same. …

[Hackfest 2020 CTF] - salt2

Description

This challenge was the only PWN challenge of the Hackfest 2020 CTF. Our team was the only one to solve it in time.

Recon

The binary is a costume shop. You can buy costumes, see the bill, edit your choices, or give a coupon or feedback. The binary is 64-bit, with PIE protection but (oddly) no NX. We notice that negative indexes can be used while choosing a costume and editing our cart. …