Posts

Detailed binary exploitation writeups from UMD CTF and WPICTF , heap based overflow and format string vulnerability.

Web writeups for Hackzone VIII CTF

pwn1(70pts) It was a ret2libc task , but we had firstly to leak the libc base address using BOF (i leaked it through printf address) than we will return to main and perform our ret2 System :D here is my exploit, if you have any questions you can contact me on twitter @BelkahlaAhmed1

B64DECODER (244pts) This is wont be a detailed writeup , however in this task we have a clear format string vulnerability (line 23) and a leak of a64l function address

The after-Prequal (971pts) (19 Solves) This task was so fun and i learned new things from it , we are given a website with a search functionality and after testing a single quote injection we had an SQL error , so let’s start the exploitation of the famous SQL injection :D

Empire Total (1000pts) (7 Solves) This task was really so creative and i had so fun solving it , but i can’t deny that it was painful :( after reading the description we can say that we aim to dump the database of the website (maybe SQL injection who knows) and fortunately we have the source code so let’s download it and begin our trip xD

A Peculiar Query (180pts) (73 Solves) I really liked this web task , we are given this web page that have a search functionality And we can read the source code

Shinobis World (1000pts) (1 Solves) Hello guys again , in this task we are give the Settings.py of a django Web application , we can notice that the website is using caching with redis that is listening on port 6379 locally !

JWT In a new way (1000pts) (0 Solves) And finally i’m writing a writeup for this task xD i published this task in Securinets Mini CTF and NCSC2.0_CTF but unfortunately it had 0 solves (in fact no one managed to pass the first step) , it took me a lot of time to prepare this task so i hope you enjoy it :D However bring your coffee cup and let’s begin the road .