bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags
  •  Home
  •  Categories
  •  Archives
  •  Tags

valentine - hxpCTF 2022

sk4d
2023-03-15
Web

tl;dr

  • SSTI in the valentine card
  • bypass filter by setting ejs delimiter option
  • RCE :yay:
Read More
hxpCTF

sqlite_web - hxpCTF 2022

ma1f0y
2023-03-14
Web

tl;dr

  • Create a sqlite3 extension with rce payload.
  • Abuse werkzeug tempfile to upload the extension to server.
  • load that extension using load_extension(‘/proc/self/fd/fd_no’);
Read More
hxpCTF

cs2100 - HackTM CTF Quals 2023

k1R4
2023-02-23
Pwn

tl;dr

  • LOAD and S_TYPE opcodes lead to OOB when addr > DRAM_BASE+DRAM_SIZE
  • Get libc and stack pointers and offset to obtain RIP offset and base
  • Write ropchain on stack using libc gadgets
  • Perform ORW on flag file
Read More
Exploitation VM

BlueLock - bi0sCTF22

AmunRha
2023-02-10
Reversing / Windows

tl;dr

  • Implemented two SEH and two VEH Exception Handlers
  • Two stage malware challenge with process injection technique
  • CPP binary where logic is wrapped in classes and their member functions
Read More
bi0sCTF Windows Reversing ExceptionHandling

scorescope - DiceCTF 2023

sk4d
2023-02-07
Web

tl;dr

  • read output using ValueError
  • sys.modules to print all the app modules
  • go through the module classes and find the test case functions and re-write them to always return true
Read More
DiceCTF2023

Recursive-csp - DiceCTF 2023

Lu513n
2023-02-07
Web

tl;dr

  • craft a payload with a random nonce
  • use hash-collider to collide the nonce we gave earlier
Read More
DiceCTF2023

kawaii_vm - bi0sCTF 2022

k1R4
2023-01-25
Pwn

tl;dr

  • Giving custom array size of NaN, passes checks while allowing OOB r/w
  • Use OOB r/w to get libc, stack (environ) addresses
  • Craft fake chunk on array and overwrite fastbin fd
  • Reset machine to allocate register context on fake chunk
  • Overwrite VM sp with real stack
  • Push ropchain onto stack and halt VM to execute ropchain
Read More
bi0sCTF Exploitation VM

Eerie_Jit - bi0sCTF 2022

Abhishek Barla
Abhishek Bharadwaj
2023-01-25
RE

tl;dr

  • This challenge is a JIT VM
  • The VM logic implements modular equations
Read More
VM bi0sCTF2022 JIT

DroidComp - bi0sCTF 2022

komi
2023-01-25
Misc

tl;dr

  • Exploit Android Webview Javascript Interface
  • Communicate with a Service via AIDL
Read More
Android bi0sCTF-2022

Vuln-Drive 2 - bi0sCTF22

ma1f0y
2023-01-24
Web

tl;dr

  • SSRF using file_get_contents() and CRLF in ini_set()
  • basic Header quirks to bypass waf
  • sqli using column trick in SQLite to get the flag
Read More
SSRF CRLF SQLi bi0sCTF22

 Previous 

5 / 19

 Next 

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)

Made With Love and Coffee



Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Use Material X as theme, total visits times.