[Real World CTF 5th] - tinyvm

This is a CTF challenge called TinyVM. The author is very lazy, not wanting to write a description of the challenge, and the code is directly cloned from https://github.com/jakogut/tinyvm. So you can just nc <host> <port> and get flag. As stated in the description, this challenge requires the participants to exploit the latest version of an open-source virtual machine project available on GitHub. The first step is to clone the project and compile the binary with debug symbols. …


[SecurityFest CTF 2022] - krupt

The key to r00t is ZcZQndRX or was it DE7NUC6l? Wait, it was r2JLegUE. Eh, you’ll figure it out. Description This is a classic kernel challenge setup where we need to elevate our privileges to root to read the flag from a file. A few files are provided, namely the kernel image bzImage, the filesystem root.fs.gz, the kernel symbol map System.map and a run script run.sh. The run script launches a QEMU instance with the required parameters. …


[NorthSec CTF 2022] - Shellcode sandbox

I’ve been told that there’s a service running in our infrastructure used by the API team to offload part of their computations. I have a bad feeling about it! Could you take a look at it and make sure it’s safe? There’s a rumour going around that there’s confidential information in some file named flag.txt. Description The description of the challenge only specifies a hostname and a port, but no binary is provided. …


[Real World CTF 4th] - SVME

Professor Terence Parr has taught us how to build a virtual machine. Now it’s time to break it! Description The challenge links to a simple VM built by a professor of the University of San Francisco as well as a few slides explaining the architecture. Basically, the VM implements only a couple of operations. The instructions and the operands are all encoded on 32 bits. All the calculations take place in an emulated stack and local and global variables are available to store values. …


[DefCamp CTF 2022] - blinsight

Hunting for eggs!! Description This challenge was a bit special because the binary wasn’t provided! All we were given was an IP address and a port. When we connect to the service, we are greeted with a nice message. Are you blind my friend? The server then reads our answer, replies with a short message and closes the connection. No password for you! I tried a few inputs, but the result was always the same. …
