My personal blog, where I will post things that I find interesting. Mainly CTF writeups for now.

Hack a Bit 0x1 - King of the Hill - Fending off hostile high schoolers on a "semi-isolated" cyber range


Different box this time, your target is now 10.128.0.4–straight to root. Remember that there may be non-vulnerable services on the machine. Recon is the #1 focus. Once you have access to the fourth machine in the range you need to listen on port tcp/5000, you can do this with nc, for example. The flag will be sent at a specific time. Retain control of the box to get all the flags.…
Read more ⟶

US Cyber Open 2022 - Too Many Houses - Heap wizardry to stack pivot to arbitrary ROP chain execution


All these talks of houses are starting to ruin the fun of the hunt, maybe you can do something about that 0.cloud.chals.io:20887 Author: lms too_many_houses.tar.gz Too Many Houses was a binary exploitation challenge in the US Cyber Open CTF in 2022, which is the first step toward qualification for the US Cyber Team. At the end of the CTF, it was worth 1000 points and had only 1 solve.…
Read more ⟶

US Cyber Open 2022 - Gibson - Stack overflow to RCE on s390x


Can you really call it a “main"frame if I haven’t used it before now? Author: Research Innovations, Inc. (RII) gibson_s390x.tar Gibson was a binary exploitation challenge in the US Cyber Open CTF in 2022, which is the first step toward qualification for the US Cyber Team. At the end of the CTF, it was worth 1000 points and had 10 solves. I was the fourth solve on this challenge (could have been second if CTFd wasn’t glitching[1]😔).…
Read more ⟶

ImaginaryCTF 2021 - inkaphobia


Seems that random.org limits how much entropy you can use per day. So why not reuse entropy? https://imaginaryctf.org/r/505D-inkaphobia https://imaginaryctf.org/r/D39E-libc.so.6 nc chal.imaginaryctf.org 42008 tl; dr Leak stack using leaks in random number generation, use format string to write to the return address and ret2libc. solving Well, we got a binary, a libc, and a netcat connection. Upon running the binary, we see that it lets us “generate” 6 random numbers, and then asks for our name.…
Read more ⟶