bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags
  •  Home
  •  Categories
  •  Archives
  •  Tags

Smash - TokyoWesterns CTF 2020

Cyb0rG
2020-09-22
Pwn / CET

tl;dr

  • Leak with Format String bug.
  • Use the arbitrary heap pointer write to overwrite __GI__IO_file_jumps.
  • Inject shellode in heap and get code execution in dfprintf.
Read More
Exploitation Format String CET BOF TokyoWesterns CTF

Secret Service - InCTF Internationals 2020

Cyb0rG
2020-08-06
Pwn / Exploitation

tl;dr

  • Use format String to get into secret service.
  • Get libc leaks by overwriting mapped bit of a free chunk.
  • Overwrite the Thread Local Block , thus overwriting canary to get buffer overflow.
Read More
InCTFi Format String TCB overwrite Calloc Malefacerum

Official blog of team bi0s

  Projects
  •   bi0s-wargame
    (Unraveling)
  •   bi0s-wiki
    (Free Encyclopedia)
  •   InCTF
    (Nationals CTF)
  •   InCTFj
    (Juniors CTF)

Made With Love and Coffee



Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License

Use Material X as theme, total visits times.