DownUnderCTF 2022 just-in-kernel Writeup

just-in-kernel was a kernel exploitation problem in DownUnderCTF 2022, and had 11 solves by the end of the CTF. We were provided a kernel bzImage, an initramfs.cpio.gz file, a launch.sh script to launch the kernel in QEMU, and the following prompt:

A just-in-time compiler implemented completely within the kernel, wow! It's pretty limited in terms of functionality so it must be memory safe, right?

Read full post gblog_arrow_right

OTW Advent CTF 2018: nightmare Writeup

This is a writeup for nightmare, the day 23 challenge for the OverTheWire Advent CTF. The problem was a 350 point ARM exploitation challenge and had 8 solves by the end of the CTF. You can find the binary and the supplied libraries here. In short, my solution was to overwrite the top chunk size by getting another heap chunk to overlap it, followed by using the House of Force exploitation technique to overwite a GOT pointer to point to system.

Read full post gblog_arrow_right

9447 CTF 2015: Search Engine Writeup

I’ve been going through how2heap problems recently, and I really enjoyed solving search-engine from 9447 CTF 2015. This was a pretty complicated problem, but it was also a lot of fun so I’ll be sharing a writeup of my solution below. I’d highly recommend going over sploitfun’s glibc malloc article and the fastbin_dup_into_stack.c example from how2heap before going through this writeup.

Read full post gblog_arrow_right