This is the most valuable challenge in NJCTF (worth 600 points). It is also good practice for writing shellcode; pwntools provides handy APIs for that.
The child process is chroot-jailed. To get the flag outside the jail we have to use ptrace to attach to the parent process and modify it, escaping the jail by running code in the parent's context.
There are many ways to exploit the vulnerability; we chose the following one:
- add a syscall with a negative number of registers and hijack the vtable so that it points at a stack location
- input the shellcode through the "leave notes" function
- call the hijacked function pointer
This was our first on-site CTF, and also an experience of being thoroughly beaten (ToT)/~~~. Continue reading "ZCTF线下赛总结"
The program implements a matrix multiplication routine: first we input the size of the matrices, then three matrices of that size are allocated on the stack and the product of the first two is computed into the third one.
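As an added illustration, not code from the original writeup and not the challenge binary, here is the described flow in C: read a dimension, allocate the three matrices on the stack as VLAs, multiply the first two into the third. The page does not say where the challenge's bug is, so the only thing shown beyond the flow itself is the check a hardened version needs: the user-supplied size must be validated before it drives a stack allocation. `MAX_N` and the sample matrix contents are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound on the matrix dimension; the page does not give the
 * challenge binary's own limit, so this value is an assumption. */
#define MAX_N 32

/* Accept the user-supplied dimension only if it is positive and small enough
 * that three n*n matrices of long fit comfortably on the stack. */
int valid_size(long n)
{
    return n > 0 && n <= MAX_N;
}

/* c = a * b for n x n matrices stored row-major in flat arrays. */
void matmul(size_t n, const long *a, const long *b, long *c)
{
    for (size_t i = 0; i < n; i++) {
        for (size_t j = 0; j < n; j++) {
            long s = 0;
            for (size_t k = 0; k < n; k++)
                s += a[i * n + k] * b[k * n + j];
            c[i * n + j] = s;
        }
    }
}

/* Mirrors the described flow: take a size, allocate the three matrices on
 * the stack (VLAs), multiply the first two into the third.  Returns the sum
 * of the product's entries, or -1 if the size is rejected.  The sample
 * contents (a[i][j] = i*n+j+1, b = identity) are constructed here so the
 * result is predictable: the product equals a, whose entries sum to
 * n*n*(n*n+1)/2. */
long run_multiply(long n)
{
    /* Without this check the VLA sizes below are fully attacker-controlled. */
    if (!valid_size(n))
        return -1;

    size_t dim = (size_t)n;
    long a[dim * dim], b[dim * dim], c[dim * dim];

    for (size_t i = 0; i < dim; i++) {
        for (size_t j = 0; j < dim; j++) {
            a[i * dim + j] = (long)(i * dim + j + 1);
            b[i * dim + j] = (i == j) ? 1 : 0;
        }
    }
    matmul(dim, a, b, c);

    long sum = 0;
    for (size_t i = 0; i < dim * dim; i++)
        sum += c[i];
    return sum;
}

int main(int argc, char **argv)
{
    long n = argc > 1 ? strtol(argv[1], NULL, 10) : 3;
    long r = run_multiply(n);
    if (r < 0) {
        fprintf(stderr, "rejected size %ld\n", n);
        return 1;
    }
    printf("n=%ld sum of product entries=%ld\n", n, r);
    return 0;
}
```

Run it as `./a.out 3` for the accepted path and `./a.out 100000` or `./a.out -1` to see the size rejected; in the unchecked variant the latter two inputs would size the stack arrays directly from attacker input.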
When analyzing kernel-mode malicious code, one often runs into the insertion of APCs into user-mode threads (for example, the 暗云 Bootkit). So why, and how, does malicious code use APC injection? Continue reading "关于异步过程调用 APC(Asynchronous Procedure Calls)"
Teaser CTF is organized by Dragon Sector, a Polish security Capture The Flag team created in February 2013 that currently has 13 active members.
I solved two challenges on the first evening (So easy, power level) and tried to solve the pwnable challenge quine on Sunday morning but failed: I found a write-anywhere vulnerability but didn't see how to exploit it. Continue reading "Teaser CTF 2015 writeup(So easy, power level)"
I wanted to play with ropc and died a little installing it. First we have to install BAP 0.4. To compile BAP we need to install OCaml 3.12.1 from source (because OCaml 4.0 cannot compile BAP 0.4). Then we need to install camomile from source (again, the default apt-get camomile version failed to compile).
PS: the following packages should be installed before compiling BAP 0.4.
apt-get install gcc-multilib g++-multilib
apt-get install binutils-dev automake libpcre3-dev autotools-dev
apt-get install ocaml-findlib camlidl libocamlgraph-ocaml-dev libbfd-dev
Another issue is:
asm_program.c:8:23: fatal error: libiberty.h: No such file or directory
It's such a pain that I ended up installing BAP using opam…