Debugme - HTB reversing challenge

Summary: Statically analyse the sample --> find main method --> run the program in x64dbg --> patch registers to bypass anti-debugging techniques --> flag
This binary starts out with most of its code XORed and only unpacks it if we bypass several anti-debugging techniques.
Static analysis
I first wanted to see if I could grasp anything useful from throwing the program into Cutter. It looks like all I got is the location of main in memory, as the initial code in main is pretty cryptic.

Superfast - HTB pwn challenge

Summary: Read up on PHP C extensions --> get a working request --> read through the extension source and find a bad if statement which allows for buffer overflows --> overwrite part of the return address in order to land in a printf block --> format string to leak addresses --> ROP with said leaked addresses --> flag
This challenge is from Hack The Box and is rated easy (though it wasn't). Taking a look at what we downloaded, we notice a very unusual format: the challenge is based on exploiting a PHP extension written in C.

Fast Carmichael - HTB crypto challenge

Summary: Figure out what server.py is doing --> discover that it uses the Miller-Rabin primality test --> exploit said test with a Carmichael number --> flag
This challenge comes from Hack The Box and is rated as very easy. Taking a look at server.py, we can see some rather complex math being done to our input:
from secret import FLAG
from Crypto.Util.number import isPrime
import socketserver
import signal

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        signal.

Crackme - SekaiCTF2024

Summary: Reverse the application --> discover multiple bad practices in the login implementation --> get the credentials from said bad implementation --> intercept the traffic --> flag
This challenge was part of the SekaiCTF2024 reversing category and was rated 2 stars. To start, we are given an APK. Let's run it using any emulator; I used Genymotion here. We can try common credentials, but nothing seems to work. All APKs are essentially archives, so we can unzip them and also decompile the code inside with a tool like apktool:

SpellBrewery by HTB - writeup

To start, we are given a zip file with two binaries and two JSON files inside it. Let's first run the ELF to see what it's doing.
./SpellBrewery
1. List Ingredients
2. Display Current Recipe
3. Add Ingredient
4. Brew Spell
5. Clear Recipe
6. Quit
> 3
What ingredient would you like to add? Vampire's Kiss
The cauldron fizzes as you toss in a 'Vampire's Kiss'...
1. List Ingredients
2.

Linux Local Privilege Escalation - Skills assessment

Hello everyone and welcome to the guide on how to complete the Linux Privilege Escalation skills assessment room on HTB Academy.
Start backwards
This box takes less than 10 minutes to do with this simple trick: start backwards! If we start backwards, we then just have to know what a flag looks like in order to scrape the entire file system for the rest. Step 1 is to transfer linpeas.sh to the victim machine and run it:

Session Security HTB - Skills Assessment

Welcome to this blog's first HTB module writeup! Today we're going to go over the Session Security module, part of the CBBH path. The solution for this challenge consists of stealing the admin's cookie and then hijacking his session. So the first thing we'll do is log into the webapp with the provided credentials. Also make sure you've added minilab.htb.net to your attacker machine's /etc/hosts file. Visiting the submit-solution website, it's not obvious at first what its purpose is (at least for me it wasn't).

pwn101 part 2

Welcome back! Today we're going to go through the second half of the challenges from TryHackMe's website.
Level 6
This one isn't vulnerable to a classic BOF, but to something called a format string vulnerability. What's basically happening is that instead of having a normal printf("%s", examplevar) we have something more like printf("%s"). printf was given a format specifier but no corresponding argument, so printf will make its own justice and take its argument from the stack.

pwn101 part 1

Welcome to this website's first writeup! Today we're going to go through the pwn101 room challenges, a series of binary exploitation exercises which provide a good starting point for learning binary exploitation and hacking in general.
Level 1
The first level consists of a simple buffer overflow, which we probe for by flooding the input buffer we are given to see if we can crash the program. We can see that the moment the buffer gets overrun, it executes "/bin/sh".

About

Ethical hacking blog, where I will post all sorts of writeups for anything infosec related, from binary exploitation to Active Directory hacking.
XMR: 88izBvnTcRHPudcd5TzzUWLwcfx5CqxKo1P9z7V4Ba8BC8Jwr3yEc8hRW5CdAUZBTp8NC5LDModnGVRAcrcqfFXEJkb33HQ