racecar

Hello hackers, let's solve another CTF from the easy category. This challenge is about a format string vulnerability. First of all, I look at what type of file it is:

% file racecar
racecar: ELF 32-bit LSB pie executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=c5631a370f7704c44312f6692e1da56c25c1863c, not stripped

So I started Ghidra and looked at the functions there. There are a couple of interesting functions with various names, and after a little bit of time looking at the functions I found the right one. As you can see, there is a part where the file flag....

May 2, 2022 · 2 min · Matus Bursa

ret2win

$ PYTHONIOENCODING=utf8 ./ret2win.py
[!] Pwntools does not support 32-bit Python. Use a 64-bit release.
[+] Starting local process './ret2win32': pid 26910
ret2win by ROP Emporium
x86

For my first trick, I will attempt to fit 56 bytes of user input into 32 bytes of stack buffer!
What could possibly go wrong?
You there, may I have your input please? And don't worry about null bytes, we're using read()!

> Thank you!...

January 3, 2021 · 1 min · Matus Bursa

Reversing ELF

Hi, today I would like to show you how to solve an easy RE CTF and how to start with RE. My directory after finishing all the challenges looks like the following:

$ tree .
├── crackme_1
│   ├── crackme1
│   └── flag.txt
├── crackme_2
│   ├── crackme2
│   └── flag.txt
├── crackme_3
│   ├── crackme3
│   └── flag.txt
├── crackme_4
│   ├── crackme4
│   ├── flag.txt
│   └── gdb_cmd
├── crackme_5
│   ├── crackme5
│   ├── flag....

December 7, 2020 · 7 min · Matus Bursa

Inclusion

Hi guys, after a long time I have 5 minutes for playing a game, so let's play. I see a new game called Inclusion, described as "A beginner level LFI challenge". Yes, this is something I want to play and get done quickly. So I start the VPN tunnel to our playground and click on the magic button Deploy machine. As always, first scan the ports opened on the machine:

$ nmap -T4 -sV 10....

March 16, 2020 · 3 min · Matus Bursa

Blue

Hello everyone, today we look at a CTF with the MS17-010 vulnerability. So let's start with an nmap scan:

$ nmap -sV -p0-1000 --script vuln 10.10.223.243
Starting Nmap 7.80 ( https://nmap.org ) at 2020-02-12 14:40 CET
Nmap scan report for 10.10.223.243
Host is up (0.043s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE      VERSION
135/tcp open  msrpc        Microsoft Windows RPC
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
139/tcp open  netbios-ssn  Microsoft Windows netbios-ssn
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
445/tcp open  microsoft-ds Microsoft Windows 7 - 10 microsoft-ds (workgroup: WORKGROUP)
|_clamav-exec: ERROR: Script execution failed (use -d to debug)
Service Info: Host: JON-PC; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_samba-vuln-cve-2012-1182: NT_STATUS_ACCESS_DENIED
|_smb-vuln-ms10-054: false
|_smb-vuln-ms10-061: NT_STATUS_ACCESS_DENIED
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|     IDs:  CVE:CVE-2017-0143
|     Risk factor: HIGH
|       A critical remote code execution vulnerability exists in Microsoft SMBv1
|       servers (ms17-010)....

February 12, 2020 · 13 min · Matus Bursa