Oct 23, 2020How to Pwn???Vài dòng tâm sự Trước kia có viết về pwnable cơ bản nhưng vì vài lí do riêng mà chưa hoàn thành được, nay vì các bạn khóa mới nên mình sẽ chém gió vài điều cho những ai chưa biết, biết rồi, có cả đam mê về bộ môn này. …Pwnable3 min readPwnable3 min read
Jun 18, 2020NahamCon CTF 2020although this event i can only finished 1 one challenge but i learnt a lot from others writeup. It’s make me feel that I only have the width not the depth in exploiting. Now I need to reflect meself about what i’ve been doing right now. That’s some random shit…Nahamcon6 min readNahamcon6 min read
May 3, 20203x17 — pwnable.tw###gathering because the binary was statistically linked, all of the function will be harder to reversing main creating buf at rbp -0x20 sub_40EE70 when I first jump in and back out again it’s only passing 1 argCtf Writeup4 min readCtf Writeup4 min read
May 2, 2020calc — pwnable.tw###phân tích rõ các hàm trong challenge hàm main đầu tiên chương trình thực hiện gọi hàm ssignal và alarm The function ssignal() defines the action to take when the software signal with number signum is raised using the function gsignal(), and returns the previous such action or SIG_DFL. nom na là chương trình sẽ gọi signal-handler…Writeup8 min readWriteup8 min read
Apr 24, 2020ROP64 — PicoCTF2019If you read my previous writeup about rop32 then this one should be easy for you, i just need to remind you about the registers before execute syscall rax == 0x3b (59 in dec) rdi == point to address contain ‘/bin/sh’ rsi == NULL rdx == NULL now we need…Rop642 min readRop642 min read
Apr 23, 2020ROP32 — PicoCTF2019It’s been a long time since my last writeup, now i came back with this exciting challenge. I knew that there’s a lot of writeup about this challenge on the internet but this one I only based my own limited knowledge. so let’s jump in!!! DESCRIPTION Can you exploit the following…Ctf Writeup6 min readCtf Writeup6 min read
Dec 22, 2019picoCTF 2018i know it’s kinda old but i really love this kind of rop challenge. 1. Source code #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include <stdbool.h> #define BUFSIZE 16 bool win1 = false; bool win2 = false; void win_function1() { win1 = true; } void win_function2(unsigned int arg_check1) {…Writeup3 min readWriteup3 min read
Dec 17, 2019watevrCTF 2019#voting machine 1 (bof) cái này bof cơ bản. mình sẽ nói sơ cách solve objdump -dđể dump ra các hàm có thể disassembly được (vì đây là file unstripped) => có được địa chỉ flag (hàm secret) tìm offset + p32(secret) #voting machine 2 (format string) mở trình disassembler lên tìm hàm main test thử binCtf Writeup2 min readCtf Writeup2 min read
