In this multipart write-up, I will feature vulnserver.exe— a binary that is designed to be exploited. I used this binary to have a quick introduction on Wind...
pwn windows-exploitation mona immunity-debuggerIn this write-up, I will discuss about attacking KSTET command of vulnserver.exe by only using a limited set of characters.
pwn windows-exploitation badcharsIn this write-up, I will discuss about attacking HTER command of vulnserver.exe with the use of hex characters.
pwn windows-exploitation jmp-espIn this write-up, I will discuss about attacking GTER command of vulnserver.exe with egghunter.
pwn windows-exploitation jmp-esp egghunterIn this write-up, I will discuss about attacking KSTET command of vulnserver.exe with egghunter.
pwn windows-exploitation egghunterIn this write-up, I will discuss about attacking GMON command of vulnserver.exe with SEH overwrite.
pwn windows-exploitation SEHIn this write-up, I will discuss about attacking TRUN command of vulnserver.exe with JMP ESP technique.
pwn windows-exploitation jmp-espThis is a quick walkthrough of my solutions for TJCTF 2020 pwn challenges. I will just elaborate some of the tricks that I learned while solving these challe...
pwn format-string ropMango is rated as a medium difficulty linux machine. This machine is hosting a webserver vulnerable to NoSQL injection, allowing attackers to leak credential...
nosql injection jjs gtfobinsTraverxec is one of the beginner friendly boxes in HTB. This machine is hosting a webserver vulnerable to remote code execution, exposing a backup SSH privat...
nostromo journalctl ssh2john gtfobinsSince I got a lot of free time (and heard about the big prize), I decided to participate in ROOTCON Easter Egg Hunt 2020, hosted by Pwn De Manila. Luckily, I...
candump memdump maldoc OTPMulti-part write-up for encryptCTF 2019 pwn challenges
pwnLast part of my encryptCTF 2019 Pwn write-up series. This challenge tackles format string exploit — overwriting GOT entry to have a program flow control.
pwn format stringFourth part of my encryptCTF 2019 Pwn write-up series. This challenge tackles stack buffer overflow — leaking a LIBC address that leads to a shell.
pwn bof ret2libcThird part of my encryptCTF 2019 Pwn write-up series. This challenge tackles stack buffer overflow — creating a ROP chain to call gets() -> main() -> s...
pwn rop bofSecond part of my encryptCTF 2019 Pwn write-up series. This challenge tackles basic stack buffer overflow — overwriting saved return address to control the p...
pwnFirst part of my encryptCTF 2019 Pwn write-up series. This challenge tackles basic stack buffer overflow — writing a specific value on the exact address need...
pwn bofLast part of my TAMUctf pwn write-up series. This write-up will feature 3 challenges since the solutions are just short and simple.
pwn command injection picklePart 3 of my TAMUctf pwn write-up series. This challenge tackles stack buffer overflow leading to a shellcode execution.
pwn bof shellcodePart 2 of my TAMUctf pwn write-up series. This challenge tackles single-byte overflow leading to a program flow control.
pwn bofPart 1 of my TAMUctf pwn write-up series. This challenge tackles basic stack buffer overflow — writing a specific value on the exact address needed.
pwn bof