INTRODUCTION This is a Medium level challenge from Rootme that uses the format string vulnerability to get the flag. Format strings are not only used to display the stack data but also write data anywhere on the stack. CHALLENGE The source code for the challenge has been given which makes our life…

INTRODUCTION This was a basic ret2win challenge with a twist. It had stack canaries enabled. So using the basic buffer flow technique and calling the function was out of the picture. But there was a format string vulnerability in the binary! Somehow leaking address could help here. We could leak the…

INTRODUCTION This is a basic Ret2libc attack where we need to leak an address, then check the LIBC leak database and finally use the offset to pop up the shell. So for the newbies out there like me, First let’s get to know what a libc and ret2libc is. The C…

INTRODUCTION This is a basic ret2win challenge from jornadas CTF. Here we just need to buffer overflow and reach the RIP/Return region and then call the function to get the shell. CHALLENGE First, we check the file type and the memory protection involved with the binary.

After spending some time in stack buffer overflow challenges, here we are with a section dedicated only to format strings. There are tons of blogs on format strings and the vulnerability involved with it. So ill start with the challenge directly. Format strings are really interesting if you understand what…

NOTE: No flag here :) Hello PWN enthusiasts. This is a beginner-level challenge from Root-me. But that word “PIE” kinda made me think this challenge was hard. CHALLENGE Let us do the basic checks like file type and memory protection.

INTRODUCTION Hello PWN enthusiasts, we will do a technique called Sigreturn oriented programming/SROP to complete this challenge. I’ll explain everything in SROP while doing the Sickrop challenge. Skip to the challenge section if you know about the basics of SIGRETURN. NOTE: I am using the mprotect() method in this blog. I’ll…

A fairly easy challenge in the PWN category. Let me explain how I solved this challenge. First, we check the file type and the memory protection involved with the binary. We can see this is a 64bit binary, dynamically linked and not stripped. Makes our life easier. NX bit is…

INTRODUCTION First of all, I would like to thank John Hammond and his team for this amazing CTF. I learned a lot from this CTF and his videos were helpful while solving the challenges. This is another challenge where I stumbled a bit and learned something new. Though I have done…