Yet another writeup for the Padocon 2011.
This time, i'm gonna talk about karma200, a level that we did not validate during the CTF, but i was curious to see how i could exploit it, so i worked on it with Mysterie, kutio, teach and others these last few days.
Like for karma100, we had ssh credentials to a linux box and found a setuid binary called attackme in the home directory. Here is the source code:
int main(int argc,char **argv)
if(argc != 2 ...
This is another writeup for the Padocon 2011 CTF. This time, i'm gonna talk about a wargame-style binary exploitation level, karma 100.
This one was not that difficult to exploit, in fact it took us only a couple of hours to obtain reliable code execution, but we were unable to find the flag until much later.
We were given ssh credentials and once logged in, we had a binary suid boom100 in our home directory with the source code.
/* hi, guys! */
/* This is just warm up :) */
int main( int argc, char *argv ...
Note: ce post est disponible en français sur le microblog nibbles.
This challenge was a heap overflow on linux. The glibc version was 2.7. We were not given the source code, but thanks to hex-rays, we had a good idea of what the code looked like.
The vulnerable program printed some informations to make exploitation easier: "good heap allignment found on malloc() [somenumber]". We searched this sentence on the web and found this article. As we suspected, we were going to have to use the "House of Mind" technique.
It seems that the code source of this challenge was ...