Posts

  • Lonely Island write-up (FAUST CTF 2021)

    Lonely Island was one of the tasks on FAUST CTF 2021.

    This task was a multiplayer FPS game based on the Godot engine. This is something you don’t see on CTFs often, let alone on attack-defense ones. One notable example I can think of is Pwn Adventure on Ghost in the Shellcode CTF many years ago. Although Pwn Adventure was considerably more complex, it was a jeopardy competition, and yet Lonely Island appeared on an attack-defense CTF.

  • IPPS write-up (FAUST CTF 2020)

    We’ve recently participated in Faust 2020 as part of the MoreBushSmokedWhackers team and took first place. We were first to solve the IPPS service (which was also the first blood of the game as a whole). This blog post covers the service itself, the vulnerabilities and the exploitation details.

  • M-Poly-Cipher write-up (Tokyo Westerns CTF 2019)

    We are given a binary implementing some cryptographic scheme, a public key, and an encrypted flag. After some reverse engineering in IDA, we could restore the scheme, which can be described as follows:

  • Pwning Master of PHP like it's Real Real World CTF

    In our previous blog post, my teammate Emil has already published a solution for Master of PHP; however, I still want to share another way of solving this challenge, because I think it is quite interesting as well, and it doesn’t require the use of the bug that was implanted into no_realworld_php. Instead, in this post we will use a recently discovered curl 1-day to achieve stable code execution on the remote host.

  • caidanti write-up (Real World CTF 2019 Quals)

    Caidanti was a reverse/pwn task with two flags.

    The task had two binaries - caidanti and caidanti-storage-service, running on Google’s Fuchsia operating system, which is currently under active development.

  • Master of PHP writeup (Real World CTF 2019)

  • printf write-up (Tokyo Westerns CTF 2019)

    printf was a pretty typical pwn task: you get a binary, a libc, and a network address, and you have to gain RCE. The vulnerability is an unsafe alloca which allows one to cross the gap between the stack and the libraries.

  • Unknocking write-up (CyBRICS CTF 2019 Quals)

    Unknocking was a networking task on CyBRICS CTF 2019 quals.

  • GoogleCTF 2019 GPhotos writeup

    The challenge is an image storage service implemented as a PHP script. The source can be retrieved via a hidden link on the main page. The script is running inside Apache.

  • DevMaster 8000 and 8001 write-up (Google CTF 2019 Quals)

    DevMaster 8000 and DevMaster 8001 were sandbox challenges on Google CTF 2019 quals.

  • punchymclochface writeup (FAUST CTF 2019)

    This is an RCE-as-a-service that runs COBOL code encoded in punch card images uploaded by the user. The hard parts are generating valid punch card images with the desired code and writing COBOL that runs shellcode using the available charset. The patch is chmod -r data (disable listing in the service data dir, as flags are in randomly-named files).

  • If on a winters night a traveler write-up (0CTF/TCTF Quals 2019)

    “If on a winters night a traveler” was a pwn task on 0CTF/TCTF Quals 2019. You have to pwn a custom buggy encryption algorithm for Vim.

  • refrain write-up (0CTF/TCTF Quals 2019)

    refrain was a misc task at 0CTF/TCTF Quals 2019 where you had to reconstruct input data from a program trace.

  • 0CTF/TCTF 2019 Quals: Sixology write-up

    Sixology was a reverse task which 2 teams managed to solve during the CTF. You can find a summary section (TL;DR) as well as some links at the end of the write-up.

  • Diagon Alley write-up (FAUST CTF 2018)

  • EC3 write-up (DEF CON CTF 2018 Quals)

    Elastic cloud compute (memory) corruption (or EC3 for short) was a binary pwn task on the recent DEF CON CTF 2018 Quals.

  • primepwn write-up (34C3 CTF)

    We are given an x86_64 ELF binary and a remote server address. The goal is to gain remote execution and read the flag.

  • slot machine write-up (Google CTF 2017 Finals)

    “slot machine” was a hardware task in the reverse-engineering category on Google CTF Finals 2017, which took place in Zurich back in October 2017.

  • 2manypkts write-up (Nuit du Hack CTF Quals 2017)

    This task is a remote x86_64 binary (both binary and libc were provided), tagged as “pwn” and “network”. The goal is to exploit some vulnerability to gain remote code execution.
