Posts

This is an easy level challenge introducing Format String Vulnerability. The method used to solve this challenge is leaking any function address and find the base address for the system. With the known base address, we can overwrite a global variable into wanted value. Initial Analysis File Analysis Checking File type file fsb_overwrite fsb_overwrite: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=ecbb8000934a34b30ea8deb3a7675e08f8a44cda, for GNU/Linux 3.2.0, not stripped File type analysis ...

This is the first challenge released during I-Hack 2024 Qualifier and I am so excited seeing the announcement of the challenge release. My adrenaline suddenly spike like crazy and more crazier I managed to get First Blood for this challenge Overview This challenge involves understanding of basic ROP and Shellcode Injection for ELF x86. The binary has no protection and the address of the input buffer were given. I would say a great challenge for beginners in PWN / Binary Exploitation ...

This challenge involves understanding on how Vector Variable were stored in memory for C++. The program able to overflow the Vector Pointer to change where it points to. Initial Analysis File Analysis To know more about the given executable, we can use file command. file vector_overflow vector_overflow: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=4a0b824c662ee47b5cd3e73176c0092f1fcf714b, for GNU/Linux 3.2.0, not stripped Key Findings:- 64-bit executable not stripped means the executable has not had its symbol table and relocation information removed. Executable Security Check To figure out what security mitigations enabled in this executable, we can use checksec command that comes with pwntools library ...

This challenge involves exploiting buffer overflow and format string vulnerabilities. The buffer overflow allows us to leverage the format string %s to leak addresses. Additionally, this challenge includes a return-to-libc (ret2libc) attack. Intial Analysis In this challenge we were given 4 different files. yawa (challenge executable) yawa.c (challenge source code) ld-2.35.so (dynamic linker/loader for the GNU C Library version 2.35) libc.so.6 (main shared library for the GNU C Library) When initially received executable, yawa cannot be run due the executable requirements using specific linker and main shared library. Using pwninit (https://github.com/io12/pwninit), the patching process becomes much easier. Now with the patched binary, it can now be run. ...

This security challenge focuses on exploiting a buffer overflow vulnerability within a provided program file. Using knowledge on Linux calling conventions and Return Oriented Programming (ROP) to achieve the exploit. The ultimate goal is to perform a Ret-2-libC attack without access to the exact LibC library file used by the program. Question Welcome to Lib-Riddle, where the library holds a secret deep inside its stacks. In this hilarious and intriguing challenge, you’ll sift through piles of books and quirky clues to uncover the hidden mystery. Can you crack the code and reveal the library’s best-kept secret? Dive in and let the quest for knowledge begin! ...

Introduction This is bold text, and this is emphasized text. Visit the Hugo website! TargetMode="External" asdad