Superfast was an "easy" exploit challenge during the HTB Business CTF 2022. While rated easy I found it to be rather tricky. The challenge was based on a custom shared library loaded into php and exposed through a webserver.
Read MoreTime for another writeup on this totally well maintained blog 👀. Insider was an exploit challenge during the 2022 Business CTF from HackTheBox named DirtyMoney. It was based on a simple FTP Server with a fun easteregg and different bugs and ways to exploit it.
This writeup describes an exploit which does in fact not use
libc
or
one_gadget
or any
hooks
.
HowToHeap was a medium rated challenge during the CyberSecurityRumble 2020 (CSR20) CTF. While not particular difficult, it allowed players to explore a new concept introduced with Libc 2.32: Safe-Linking.
In this writeup we will not only solve a CTF-Challenge, but also take a look at what at this new mitigation technique introduced in the latest glibc.
Read MoreEmojidb was a 250 points pwn challenge during the PlaidCTF 2020. Unfortunately I didn't solve this challenge in time, which was mostly due to the fact it communicated only in emojis. To be specific, all data send and received was UTF-8 encoded . What's so difficult about that you ask? Read on and find out about my stupid journey through character encoding. Oh, and also: The bug which had to be exploited was super cool and it took a nice journey through glibc to find out why it happened.
Read Morereee was a reversing challenge during the PlaidCTF 2020. The challenge was worth 150 points, and thus being relatively easy.
Read More