All articles tagged as:

ctf

Exploiting with pwndbg - Solving PlaidCTF 2016 SmartStove

This bank holiday weekend I spent a bit of time updating my docker containers (I know, rock-n-roll!). One of the tools I've been hearing good things about is pwndbg, an open source plugin for GDB which aims to help with exploit development. I've always been a fan of peda, which provides similar functionality, but seeing the integration that pwndbg had with radare2, I couldn't help but give it a shot. To install the tool, I used the provided installation instructions: git clone https://github.com/pwndbg/pwndbg cd pwndbg ./setup.sh One of the snags I ran into early was a nasty error message when…

Read more »

Revisiting PlaidCTF - bigpicture

During the PlaidCTF challenge, there were a couple of binaries which, whilst I had a general idea of how the vulnerability worked, I couldn't complete in time to grab a flag. This has been bugging me since the end of the CTF, so I wanted to revisit one such challenge and see what I was missing. That challenge was "bigpicture". To begin with, you are given a simple description: Size matters! Running at bigpicture.chal.pwning.xxx:420 After reviewing some of the solutions to see where I went wrong, I wanted to take the opportunity to improve my binary exploit knowledge by attempting to exploit t…

Read more »

PlaidCTF - no_mo_flo writeup

This weekend I joined team NeverTry on PlaidCTF. One of the interesting challenges that I attempted was the "no_mo_flo" reverse engineering exercise. The description provided was simple: Can you go with the flow? To begin with, we load the challenge in IDA Pro. After some parsing, we see the first step is to read 0x20 bytes from STDIN: Once our input is read, the data is split into 2 buffers, one containing even bytes, and one containing odd bytes: First, the even byte buffer is parsed. The r8 register is set to "1", and then byte by byte, a number of comparisons are made on the input.…

Read more »