bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags
  •  Home
  •  Categories
  •  Archives
  •  Tags

MultiStorage - InCTF Internationals 2021

3agl3
2021-08-18
Pwn

tl;dr

  • Race condition to change the type.
  • Leak using uninitialized memory and get rip with overflow.
Read More
InCTFi Exploitation Heap Kernel

Baby Glob - InCTF Internationals 2021

Cyb0rG
2021-08-17
Pwn

tl;dr

  • Heap Overflow in glob function while handling Tilde operator.
  • Abuse null byte overflow to gain RCE.
Read More
InCTFi Exploitation Heap CVE-2017-15804

Kqueue - InCTF Internationals 2021

Cyb0rG
2021-08-17
Pwn

tl;dr

  • Use the integer overflow to trigger a kernel heap overflow.
  • Use the heap overflow to overwrite tty structure function pointers to get code execution.
Read More
InCTFi Exploitation Linux Kernel Kernel Heap

Ancient House - InCTF Internationals 2021

Pwn-Solo
2021-08-15
Pwn

tl;dr

  • Jemalloc heap challenge
  • A buggy implementation of strncat in merge allows for an overwrite onto the next region
Read More
InCTFi Exploitation Linux Heap Jemalloc

DeadlyFastGraph - InCTF Internationals 2021

d4rk_kn1gh7
2021-08-15
Pwn

tl;dr

  • Arbitrary type confusion in DFG JIT
  • Bug eliminates a single CheckStructure node
Read More
InCTFi Exploitation Browser Safari

Pawn - Angstrom CTF 2021

d4rk_kn1gh7
2021-04-08
Pwn

tl;dr

  • UAF in chess game, overwrite __malloc_hook to one_gadget
Read More
Linux Heap AngstromCTF

Favourite Architecture-1 - StarCTF 2021

Pwn-Solo
2021-01-20
Pwn

tl;dr

  • Abusing a stack overflow on a RISC-V binary to then return to shellcode.
Read More
Exploitation Linux StarCTF Shellcode RISC-V

BabyPAC - StarCTF 2021

d4rk_kn1gh7
2021-01-18
Pwn

tl;dr

  • Buffer overflow in AArch64
  • Bypass pointer authentication to leak libc and get shell
Read More
StarCTF ARM ROP PAC

Diary - Balsn 2020

3agl3
2020-11-17
Pwn

tl;dr

  • Overflow from stdin stucture till main_arena.
  • Create fake fastbin chunks to get overlapping chunk and leak.
  • Overwrite __malloc_hook using fastbin attack.
Read More
Heap Balsn

Leakguard - HackTheVote 2020

Cyb0rG
2020-10-30
Pwn

tl;dr

  • overflow the char candle counter stored in the wax structure and trigger uaf.
  • Use the uaf to trigger double free and get shell.
Read More
Linux Heap HackTheVote

 Previous 

2 / 4

 Next 

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)

Made With Love and Coffee



Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Use Material X as theme, total visits times.