- Create a Linux profile for Ubuntu 18.04 (5.4.0-42-generic) in Volatility
- linux_bash plugin to get the link to the repo and linux_find_file plugin to recover the filepath
- Decode the keyboard stream data to retrieve the flag
- This is a fairly simple Maze challenge
- Challenge is written in Rust
- Jemalloc heap challenge
- A buggy implementation of merge allows for an overwrite onto the next region
- This is a simple stack-based VM
- 25-27 opcodes and 8 different constraints
- Extract the constraints
- Use z3 to find a satisfying model
- UAF in chess game, overwrite
- The dump has some encrypted functions
- The encrypted bytes are XORed with a 32-byte key
- Find the xor_key in the dump
- Use xor_key offset to find the offset of AES_key and iv
- AES_CBC decrypt to find flag
- Abusing a stack overflow on a RISC-V binary to then return to shellcode.
- Overflow the char candle counter stored in the wax structure and trigger a UAF.
- Use the UAF to trigger a double free and get a shell.
- Out-of-bounds index write allows byte-by-byte overwrite of the return address
- Carefully arranging structs on the stack so as to overwrite the saved rip without corrupting the stack canary.
- Leak libc with puts and execute a ret2libc to get a shell