bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags
  •  Home
  •  Categories
  •  Archives
  •  Tags

GateKeeping - CSAW '21 Qualifier

Sayooj B Kumar
2021-09-14
Web Exploitation

tl;dr

  • Bypass nginx’s DENY ALL using SCRIPT_NAME
  • Calculate key_id uploading flag.txt.enc
  • Leak the key and decrypt flag.txt.enc
Read More
CSAW Quals Nginx

Grid - CSAW Quals 2020

d4rk_kn1gh7
2020-09-18
Pwn

tl;dr

  • Out-of bounds index write allows byte-by-byte overwrite of return address
Read More
Exploitation Linux CSAW Quals

The Bards' Fail - CSAW Quals 2020

Pwn-Solo
2020-09-15
Pwn

tl;dr

  • Carefully arranging structs on stack so as to overwrite saved rip , without corrupting the stack canary.
  • Leak libc with puts and execute a ret2libc to get shell
Read More
Exploitation Linux CSAW Quals

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)

Made With Love and Coffee



Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Use Material X as theme, total visits times.