Open in app

Sign In

Write

Sign In

Nguyễn Tín
Nguyễn Tín

19 Followers

Home

About

Oct 23, 2020

How to Pwn???

Vài dòng tâm sự Trước kia có viết về pwnable cơ bản nhưng vì vài lí do riêng mà chưa hoàn thành được, nay vì các bạn khóa mới nên mình sẽ chém gió vài điều cho những ai chưa biết, biết rồi, có cả đam mê về bộ môn này. …

Pwnable

3 min read

Pwnable

3 min read


Jun 18, 2020

NahamCon CTF 2020

although this event i can only finished 1 one challenge but i learnt a lot from others writeup. It’s make me feel that I only have the width not the depth in exploiting. Now I need to reflect meself about what i’ve been doing right now. That’s some random shit…

Nahamcon

6 min read

NahamCon CTF2020
NahamCon CTF2020
Nahamcon

6 min read


May 14, 2020

silver bullet — pwnable.tw

###gathering

Pwnable

3 min read

silver bullet — pwnable.tw
silver bullet — pwnable.tw
Pwnable

3 min read


May 10, 2020

dubblesort — pwnable.tw

###gathering

Ctf

4 min read

dubblesort — pwnable.tw
dubblesort — pwnable.tw
Ctf

4 min read


May 3, 2020

3x17 — pwnable.tw

###gathering because the binary was statistically linked, all of the function will be harder to reversing main creating buf at rbp -0x20 sub_40EE70 when I first jump in and back out again it’s only passing 1 arg

Ctf Writeup

4 min read

3x17 — pwnable.tw
3x17 — pwnable.tw
Ctf Writeup

4 min read


May 2, 2020

calc — pwnable.tw

###phân tích rõ các hàm trong challenge hàm main đầu tiên chương trình thực hiện gọi hàm ssignal và alarm The function ssignal() defines the action to take when the software signal with number signum is raised using the function gsignal(), and returns the previous such action or SIG_DFL. nom na là chương trình sẽ gọi signal-handler…

Writeup

8 min read

calc — pwnable.tw
calc — pwnable.tw
Writeup

8 min read


Apr 24, 2020

ROP64 — PicoCTF2019

If you read my previous writeup about rop32 then this one should be easy for you, i just need to remind you about the registers before execute syscall rax == 0x3b (59 in dec) rdi == point to address contain ‘/bin/sh’ rsi == NULL rdx == NULL now we need…

Rop64

2 min read

ROP64 — PicoCTF2019
ROP64 — PicoCTF2019
Rop64

2 min read


Apr 23, 2020

ROP32 — PicoCTF2019

It’s been a long time since my last writeup, now i came back with this exciting challenge. I knew that there’s a lot of writeup about this challenge on the internet but this one I only based my own limited knowledge. so let’s jump in!!! DESCRIPTION Can you exploit the following…

Ctf Writeup

6 min read

ROP32 — PicoCTF2019
ROP32 — PicoCTF2019
Ctf Writeup

6 min read


Dec 22, 2019

picoCTF 2018

i know it’s kinda old but i really love this kind of rop challenge. 1. Source code #include <stdio.h> #include <stdlib.h> #include <string.h> #include <unistd.h> #include <sys/types.h> #include <stdbool.h> #define BUFSIZE 16 bool win1 = false; bool win2 = false; void win_function1() { win1 = true; } void win_function2(unsigned int arg_check1) {…

Writeup

3 min read

picoCTF 2018
picoCTF 2018
Writeup

3 min read


Dec 17, 2019

watevrCTF 2019

#voting machine 1 (bof) cái này bof cơ bản. mình sẽ nói sơ cách solve objdump -dđể dump ra các hàm có thể disassembly được (vì đây là file unstripped) => có được địa chỉ flag (hàm secret) tìm offset + p32(secret) #voting machine 2 (format string) mở trình disassembler lên tìm hàm main test thử bin

Ctf Writeup

2 min read

watevrCTF 2019
watevrCTF 2019
Ctf Writeup

2 min read

Nguyễn Tín

Nguyễn Tín

19 Followers

a loner

Following
  • Ninja Hatori

    Ninja Hatori

  • Jang

    Jang

  • m4n0w4r

    m4n0w4r

  • Cong Wang

    Cong Wang

  • Guillaume Lesniak

    Guillaume Lesniak

Help

Status

Writers

Blog

Careers

Privacy

Terms

About

Text to speech