bi0s
  •  Home
  •  Categories
  •  Archives
  •  Tags

palindromatic - bi0sCTF 2024

k1R4
2024-02-26
Pwn

tl;dr

  • Sanitizing request causes null byte overflow which corrupts type
  • Processing corrupted request doesn’t remove it from incoming_queue
  • Reaping corrupted request still leaves it in incoming_queue causing UAF
  • Set up crosscache to abuse UAF
  • UAF provides free primitive through double reset
bi0sCTF Exploitation Heap Kernel

k32 - bi0sCTF 2022

k1R4
2023-01-23
Pwn

tl;dr

  • Giving size > 48 causes heap OOB r/w of 16 bytes
  • Use OOB r/w to get leaks and overwrite objects for rip control
bi0sCTF Exploitation Heap Kernel

MultiStorage - InCTF Internationals 2021

3agl3
2021-08-18
Pwn

tl;dr

  • Race condition to change the type.
  • Leak using uninitialized memory and get rip with overflow.
InCTFi Exploitation Heap Kernel

Official blog of team bi0s

Blog content follows the Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License
