tiny-crackme

Found this nice and small crackme at crackmes.de. Author comment: This is my second Linux crackme. It has a very small size (<400 bytes of bytecode) but implements a few tricks all the same: - Elf headers corrupted, - "Cyphered" binary, - CRC checking,…

9447ctf writeup calcpop reloaded

This is an exploitation challenge. A binary is given, and it runs in RedOS, an operating system created for the exploitation challenges. We first load the binary in IDA with base address 0x100000. We then reach the main function at 0x1008bc. The pseudo-code of the function looks like the following…

ekoparty CTF rev100, rev300

rev100: This challenge asks for a password. It's called count, so I started by counting the number of instructions executed, and it seems it's vulnerable to a side-channel attack, meaning we can recover the password by counting the instructions executed. #!/usr/bin/env python2 import os import string import operator charset…

dctf r400

This challenge asks for a password. We see that it calls getenv to check for LD_PRELOAD, and ptrace, both of which are used to detect whether a process is being debugged. [0x00400875]> afl ~env 0x00400660 6 1 sym.imp.getenv [0x00400875]> afl ~ptr 0x004006f0 6 1 sym.imp.ptrace Since this…

dctf r300

This challenge asks for a username and password; we need to get the username for 'Administrator'. The binary has code that does not allow you to do that. Let's find it and patch it first. This is the first one: it checks if we have 'A' and quits. [0x004016be]> pdb…