TJCTF 2020 Pwn writeup
This is a quick walkthrough of my solutions for TJCTF 2020 pwn challenges. I will just elaborate some of the tricks that I learned while solving these challe...
pwn format-string rop
Categories
ctf
ROOTCON Easter Egg 2020 Write-up
Since I got a lot of free time (and heard about the big prize), I decided to participate in ROOTCON Easter Egg Hunt 2020, hosted by Pwn De Manila. Luckily, I...
candump memdump maldoc OTPencryptCTF2019 Pwn Write-ups
Multi-part write-up for encryptCTF 2019 pwn challenges
pwnencryptCTF 2019 Pwn Write-up 5 of 5
Last part of my encryptCTF 2019 Pwn write-up series. This challenge tackles format string exploit — overwriting GOT entry to have a program flow control.
pwn format stringencryptCTF 2019 Pwn Write-up 4 of 5
Fourth part of my encryptCTF 2019 Pwn write-up series. This challenge tackles stack buffer overflow — leaking a LIBC address that leads to a shell.
pwn bof ret2libcencryptCTF 2019 Pwn Write-up 3 of 5
Third part of my encryptCTF 2019 Pwn write-up series. This challenge tackles stack buffer overflow — creating a ROP chain to call gets() -> main() -> s...
pwn rop bofencryptCTF 2019 Pwn Write-up 2 of 5
Second part of my encryptCTF 2019 Pwn write-up series. This challenge tackles basic stack buffer overflow — overwriting saved return address to control the p...
pwnencryptCTF 2019 Pwn Write-up 1 of 5
First part of my encryptCTF 2019 Pwn write-up series. This challenge tackles basic stack buffer overflow — writing a specific value on the exact address need...
pwn bofTAMUctf 2019 Pwn Write-up 4-6 of 6
Last part of my TAMUctf pwn write-up series. This write-up will feature 3 challenges since the solutions are just short and simple.
pwn command injection pickleTAMUctf 2019 Pwn Write-up 3 of 6
Part 3 of my TAMUctf pwn write-up series. This challenge tackles stack buffer overflow leading to a shellcode execution.
pwn bof shellcodeTAMUctf 2019 Pwn Write-up 2 of 6
Part 2 of my TAMUctf pwn write-up series. This challenge tackles single-byte overflow leading to a program flow control.
pwn bofTAMUctf 2019 Pwn Writeup 1 of 6
Part 1 of my TAMUctf pwn write-up series. This challenge tackles basic stack buffer overflow — writing a specific value on the exact address needed.
pwn bofexploitation
Exploiting vulnserver.exe — Intro to Windows Exploitation
In this multipart write-up, I will feature vulnserver.exe— a binary that is designed to be exploited. I used this binary to have a quick introduction on Wind...
pwn windows-exploitation mona immunity-debuggerExploiting vulnserver.exe — LTER command with restricted characters
In this write-up, I will discuss about attacking KSTET command of vulnserver.exe by only using a limited set of characters.
pwn windows-exploitation badcharsExploiting vulnserver.exe — HTER command using hex characters
In this write-up, I will discuss about attacking HTER command of vulnserver.exe with the use of hex characters.
pwn windows-exploitation jmp-espExploiting vulnserver.exe — GTER command using egghunter
In this write-up, I will discuss about attacking GTER command of vulnserver.exe with egghunter.
pwn windows-exploitation jmp-esp egghunterExploiting vulnserver.exe — KSTET command using egghunter
In this write-up, I will discuss about attacking KSTET command of vulnserver.exe with egghunter.
pwn windows-exploitation egghunterExploiting vulnserver.exe — GMON command using SEH overwrite
In this write-up, I will discuss about attacking GMON command of vulnserver.exe with SEH overwrite.
pwn windows-exploitation SEHExploiting vulnserver.exe — TRUN command using JMP ESP technique
In this write-up, I will discuss about attacking TRUN command of vulnserver.exe with JMP ESP technique.
pwn windows-exploitation jmp-espwindows
Exploiting vulnserver.exe — Intro to Windows Exploitation
In this multipart write-up, I will feature vulnserver.exe— a binary that is designed to be exploited. I used this binary to have a quick introduction on Wind...
pwn windows-exploitation mona immunity-debuggerExploiting vulnserver.exe — LTER command with restricted characters
In this write-up, I will discuss about attacking KSTET command of vulnserver.exe by only using a limited set of characters.
pwn windows-exploitation badcharsExploiting vulnserver.exe — HTER command using hex characters
In this write-up, I will discuss about attacking HTER command of vulnserver.exe with the use of hex characters.
pwn windows-exploitation jmp-espExploiting vulnserver.exe — GTER command using egghunter
In this write-up, I will discuss about attacking GTER command of vulnserver.exe with egghunter.
pwn windows-exploitation jmp-esp egghunterExploiting vulnserver.exe — KSTET command using egghunter
In this write-up, I will discuss about attacking KSTET command of vulnserver.exe with egghunter.
pwn windows-exploitation egghunterExploiting vulnserver.exe — GMON command using SEH overwrite
In this write-up, I will discuss about attacking GMON command of vulnserver.exe with SEH overwrite.
pwn windows-exploitation SEHExploiting vulnserver.exe — TRUN command using JMP ESP technique
In this write-up, I will discuss about attacking TRUN command of vulnserver.exe with JMP ESP technique.
pwn windows-exploitation jmp-espencryptctf
encryptCTF2019 Pwn Write-ups
Multi-part write-up for encryptCTF 2019 pwn challenges
pwnencryptCTF 2019 Pwn Write-up 5 of 5
Last part of my encryptCTF 2019 Pwn write-up series. This challenge tackles format string exploit — overwriting GOT entry to have a program flow control.
pwn format stringencryptCTF 2019 Pwn Write-up 4 of 5
Fourth part of my encryptCTF 2019 Pwn write-up series. This challenge tackles stack buffer overflow — leaking a LIBC address that leads to a shell.
pwn bof ret2libcencryptCTF 2019 Pwn Write-up 3 of 5
Third part of my encryptCTF 2019 Pwn write-up series. This challenge tackles stack buffer overflow — creating a ROP chain to call gets() -> main() -> s...
pwn rop bofencryptCTF 2019 Pwn Write-up 2 of 5
Second part of my encryptCTF 2019 Pwn write-up series. This challenge tackles basic stack buffer overflow — overwriting saved return address to control the p...
pwnencryptCTF 2019 Pwn Write-up 1 of 5
First part of my encryptCTF 2019 Pwn write-up series. This challenge tackles basic stack buffer overflow — writing a specific value on the exact address need...
pwn boftamuctf
TAMUctf 2019 Pwn Write-up 4-6 of 6
Last part of my TAMUctf pwn write-up series. This write-up will feature 3 challenges since the solutions are just short and simple.
pwn command injection pickleTAMUctf 2019 Pwn Write-up 3 of 6
Part 3 of my TAMUctf pwn write-up series. This challenge tackles stack buffer overflow leading to a shellcode execution.
pwn bof shellcodeTAMUctf 2019 Pwn Write-up 2 of 6
Part 2 of my TAMUctf pwn write-up series. This challenge tackles single-byte overflow leading to a program flow control.
pwn bofTAMUctf 2019 Pwn Writeup 1 of 6
Part 1 of my TAMUctf pwn write-up series. This challenge tackles basic stack buffer overflow — writing a specific value on the exact address needed.
pwn bofhackthebox
HTB Writeup - Mango
Mango is rated as a medium difficulty linux machine. This machine is hosting a webserver vulnerable to NoSQL injection, allowing attackers to leak credential...
nosql injection jjs gtfobinsHTB Writeup - Traverxec
Traverxec is one of the beginner friendly boxes in HTB. This machine is hosting a webserver vulnerable to remote code execution, exposing a backup SSH privat...
nostromo journalctl ssh2john gtfobinsmachines
HTB Writeup - Mango
Mango is rated as a medium difficulty linux machine. This machine is hosting a webserver vulnerable to NoSQL injection, allowing attackers to leak credential...
nosql injection jjs gtfobinsHTB Writeup - Traverxec
Traverxec is one of the beginner friendly boxes in HTB. This machine is hosting a webserver vulnerable to remote code execution, exposing a backup SSH privat...
nostromo journalctl ssh2john gtfobinsrootcon
ROOTCON Easter Egg 2020 Write-up
Since I got a lot of free time (and heard about the big prize), I decided to participate in ROOTCON Easter Egg Hunt 2020, hosted by Pwn De Manila. Luckily, I...
candump memdump maldoc OTPtjctf
TJCTF 2020 Pwn writeup
This is a quick walkthrough of my solutions for TJCTF 2020 pwn challenges. I will just elaborate some of the tricks that I learned while solving these challe...
pwn format-string rop