As I said, here are the rest of the tasks.
PWN 100_5
Description:
nc 138.201.98.60 3333
binary
Looking at the binary, it turns out to be a server that accepts the commands LIST, LAST, HELP and one more command that is said to be a secret one, but the prompt that greeted us when connecting didn't give any hint about what it could be. Looking at it in a disassembler and searching with strings that were...
Monday, 21 November 2016
Saturday, 19 November 2016
Qiwi ctf write-ups
I did participate in the qiwictf that was held on 17.11-18.11, but I had a chance to play for one day only. Here are some tasks that I've managed to solve.
PWN 100_4
Description:
My_first_calc… sorry... you can use it in 138.201.98.43:4000
After netcat-ing to the given address we can see a calculator that...
Sunday, 23 October 2016
Part 4 | Stack-based Buffer Overflow exploitation to shell by example
This is the next part of the guide about exploiting buffer overflows. This time we will cover return-to-libc for the x64 architecture, as well as a little bit of Return Oriented Programming: the general idea behind it, with the details left for the next parts.
8. x86_64 / x86 differences
We...
Thursday, 29 September 2016
Part 3 | Stack-based Buffer Overflow exploitation to shell by example
This is a continuation of my guide on binary exploitation. In this part we are going to cover the return-to-libc attack, which was invented to defeat DEP/non-executable stack. As you may remember, we relied on the stack being executable in the previous part of this guide.
5. DEP/NX
Today all of the...
Wednesday, 28 September 2016
Part 2 | Stack-based Buffer Overflow exploitation to shell by example
In part 1 we covered the basic mechanisms of exploitation, but there is one caveat about the example from part 1: we are not executing our own code, only changing the code path to run a function that is already inside the binary.
This can sometimes be enough, but most of the time, we would like to...
Tuesday, 27 September 2016
Part 1 | Stack-based Buffer Overflow exploitation to shell by example
There are a lot of tutorials out there about exploitation of memory corruption bugs, but I struggled to find step-by-step ones that would start with the simplest examples possible.
So I figured that while learning more advanced techniques of exploitation I can dump my knowledge about those which I already...
Thursday, 22 September 2016
Magic behind python WAT moments
So once upon a time you find that thing in your programming language that doesn't really behave how you would expect it to.
This post will be about those moments when you are programming in Python.
1. 'is' on small ints
This is one of the most popular ones. Let's say you write something along these lines (which you probably never should, actually; I will explain why in a sec):
>>> a = 5
>>>...