This is the pwn challenge for the SSCTF final. It is a good example of hijacking the length field of a structure to achieve arbitrary read and write primitives. It also provides a playground to practice heap feng shui. Continue reading “SSCTF 2016 final pwn writeup”
This was our first on-site competition, and also an experience of being thoroughly crushed (ToT)/~~~. Continue reading “ZCTF On-site Competition Summary”
This is a write-up for the 0ctf 2016 quals “VM” reverse challenge worth 7 points.
The main process of solving this challenge consists of 3 phases:
- Find the location of the input check algorithm
- Reverse the input transform algorithm
I wasted much of my life in the second phase. This function is flattened by a big switch structure and contains a lot of goto instructions. It’s hard to reverse such a function statically, so we use dynamic analysis and black box analysis. We make a few assumptions on the transform pattern. We can reverse the algorithm without understanding assembly or decompiled code.
Three vulnerabilities: 1. heap overflow 2. double free 3. arbitrary memory read. Continue reading “RCTF pwn400 shaxian writeup”
The program implements a matrix multiplication function. First we input the size of the matrix, and then three matrices are allocated on the stack and the product of the first two matrices is calculated into the third one.
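When analyzing kernel-mode malware, one often encounters APCs being inserted into user-mode threads (for example, the 暗云 (Dark Cloud) Bootkit). So why and how does malware use APC insertion? Continue reading “About Asynchronous Procedure Calls (APC)”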
VolgaCTF is over and I wrote this short writeup for later reference. Continue reading “VolgaCTF short writeup(interstellar, tiny_bash, mathproblem, pwnie)”
Teaser CTF is launched by Dragon Sector, a Polish security Capture The Flag team. It was created in February 2013 and currently has 13 active members.
I solved two challenges on the first evening (so easy, power level) and tried to solve the pwnable challenge quine on Sunday morning but failed. I found a write-anywhere vulnerability but I didn’t see how to exploit it. Continue reading “Teaser CTF 2015 writeup(So easy, power level)”