Privilege Escalation Explained — This is a HTB Box in TJ_Null’s List for OSCP Preparations. While there are numerous write-ups and videos that explain the concepts, I want to share my personal insights and approaches to solve this box. I’ve encountered several problems in my approach and I would like to share these learning…

Shellshock Vulnerability and Script Explained — This is a HTB Box in TJ_Null’s List for OSCP Preparations. While there are numerous write-ups and videos that explain the concepts, I want to share my personal insights and approaches to solve this box. I’ve encountered several problems in my approach and I would like to share these learning…

INTRODUCTION This is an easy challenge that took me some time to understand what was going on. A tricky challenge, based on fake instruction and fake jumps, designed to deviate us from the flag. CHALLENGE ANALYSIS Let’s start with the basic checks.

Finally, after 4 months of break from PWN, I learned how to leverage the Use After Free attack. It feels really good to take a huge transition from stack-based attack to the heap. Stories later, let’s get started with the “Introduction to UAF”. INTRODUCTION — Use After Free [UAF] Skip to the exploitation part if you…

INTRODUCTION This is a Medium level challenge from Rootme that uses the format string vulnerability to get the flag. Format strings are not only used to display the stack data but also write data anywhere on the stack. CHALLENGE The source code for the challenge has been given which makes our life…

INTRODUCTION This was a basic ret2win challenge with a twist. It had stack canaries enabled. So using the basic buffer flow technique and calling the function was out of the picture. But there was a format string vulnerability in the binary! Somehow leaking address could help here. We could leak the…

INTRODUCTION This is a basic Ret2libc attack where we need to leak an address, then check the LIBC leak database and finally use the offset to pop up the shell. So for the newbies out there like me, First let’s get to know what a libc and ret2libc is. The C…

INTRODUCTION This is a basic ret2win challenge from jornadas CTF. Here we just need to buffer overflow and reach the RIP/Return region and then call the function to get the shell. CHALLENGE First, we check the file type and the memory protection involved with the binary.

After spending some time in stack buffer overflow challenges, here we are with a section dedicated only to format strings. There are tons of blogs on format strings and the vulnerability involved with it. So ill start with the challenge directly. Format strings are really interesting if you understand what…