Protostar Heap 0-3 Writeup

Published Directly onto github, I am gonna start porting my writeups to markdown pages and use the blog for other topics - https://github.com/0xrnair/ctf-writeup/blob/master/protostar-heap.md…

READ MORE

Protostar Formar String 0-4

Before I start the tutorial i will throw in a bunch of articles/blogs etc which were of immense help - The Stanford Paper , Syracuse's notes , this site , fuzzysecurity, and obviously phrack ,2. Also random tutorials on youtube / securitytube can be of help. Format 0 This is pretty straight forward…

READ MORE

Protostar Writeup Stack 0 - Stack 7

Stack 0 Pretty self explanatory, you just need to corrupt the modified variable echo `python -c "print 'A'*65"` | /opt/protostar/bin/stack0 Stack 1 Basic stuff overflow the modified variable with dcba; since it is little endian it will be stored as 61626364 :) ./stack1 `python -c "print 'A'*64+…

READ MORE

My Nebula Write-up Part #2 [Flag 09-18]

Flag 09: will come back later Flag 10: Try LD_DEBUG exploit race conditon Exploit symbolic link and race condition fill pipe and redirect to standard output if we can block the setuid binary between the calls to access() and open(), which gives us lot of time. To block the…

READ MORE

My Nebula Write-up Part #1 [Flag 01-08]

I've been having a go at nebula just for the lulz and it seems like an interesting VM since it has covered a gamut of vulnerabilities ranging from crappy PATH issues to the cool python pickle functions. I thought a write up of this was due even though i seen…

READ MORE