My personal blog, where I will post things that I find interesting. Mainly CTF writeups for now.
So it’s consistent right? Hint: http://blog.redrocket.club/2020/12/23/HXPCTF-Still_Printf/ Connect with nc litctf.org 31779 Last weekend, I played LIT CTF 2023 with a few friends. We solved 46/53 of the challenges, and ended up in first place overall (and first place in the high school division). I mainly focused on the binary exploitation challenges (and solved all seven of them!), but I also took a look at the pyjail challenges (which were pretty cool!…Read more ⟶
Hack a Bit 0x1 - King of the Hill - Fending off hostile high schoolers on a "semi-isolated" cyber range
Different box this time, your target is now 10.128.0.4–straight to root. Remember that there may be non-vulnerable services on the machine. Recon is the #1 focus. Once you have access to the fourth machine in the range you need to listen on port tcp/5000, you can do this with nc, for example. The flag will be sent at a specific time. Retain control of the box to get all the flags.…Read more ⟶
US Cyber Open 2022 - Too Many Houses - Heap wizardry to stack pivot to arbitrary ROP chain execution
All these talks of houses are starting to ruin the fun of the hunt, maybe you can do something about that 0.cloud.chals.io:20887 Author: lms too_many_houses.tar.gz Too Many Houses was a binary exploitation challenge in the US Cyber Open CTF in 2022, which is the first step toward qualification for the US Cyber Team. At the end of the CTF, it was worth 1000 points and had only 1 solve.…Read more ⟶
Can you really call it a “main"frame if I haven’t used it before now? Author: Research Innovations, Inc. (RII) gibson_s390x.tar Gibson was a binary exploitation challenge in the US Cyber Open CTF in 2022, which is the first step toward qualification for the US Cyber Team. At the end of the CTF, it was worth 1000 points and had 10 solves. I was the fourth solve on this challenge (could have been second if CTFd wasn’t glitching😔).…Read more ⟶
Seems that random.org limits how much entropy you can use per day. So why not reuse entropy? https://imaginaryctf.org/r/505D-inkaphobia https://imaginaryctf.org/r/D39E-libc.so.6 nc chal.imaginaryctf.org 42008 tl; dr Leak stack using leaks in random number generation, use format string to write to the return address and ret2libc. solving Well, we got a binary, a libc, and a netcat connection. Upon running the binary, we see that it lets us “generate” 6 random numbers, and then asks for our name.…Read more ⟶