HackTheBox Cyber Apocalypse CTF 2022 – Intergalactic Chase (pwn) write-up

Hi everyone! This article covers only the pwn challenges of HackTheBox’s Cyber Apocalypse CTF 2022. The event lasted from 14/5/2022 – 19/5/2022. Let’s get started!

1. Challenges

Space Pirate: Entrypoint - Format string attack on an x64 ELF file to overwrite a stack variable’s value.
Space Pirate: Going Deeper - Understanding strncmp()’s terminating condition.
Fleet Management - Shellcoding with […]

唯獨依靠祢 My Trust is in You–火把音樂 Electric Guitar Solo Tab

Notes: Standard tuning

Tabs

Vamp (1:50): Just a solo within the E major scale at the 7th fret.

E|——————————————————|
B|———————–9—————————9–|
G|——-9———11———9——-9———11——|
D|–9———9——————9———9————|
A|——————————————————|
E|——————————————————|

E|———————————————–|
B|–9^———————9^——————–|
G|–9|h11–9–8————9|h11–9–8——8—-|
D|–9|———–11–11—-9|———–11——-|
A|———————————————–|
E|———————————————–|

Full music score: Here. I hope this article has been helpful to you. Feel free to leave any comments below. You may also send me […]

San Diego CTF 3 (2022) Write-up (pwn)

Hi everyone! San Diego CTF 3 was held from 7/5/2022 to 8/5/2022. This post will be on the two pwn challenges I have solved for my team. Let’s get started!

1. Challenges

Horoscope - ret2win x64 ELF buffer overflow (BoF) challenge.
Secure Horoscope - Return-oriented programming (ROP) ret2libc x64 ELF challenge with limited space. Hence creativity is […]

火把音樂 -【當我抬頭仰望 When I Look at the Sky】 Guitar Tabs

Notes: Standard tuning

Tabs

Interlude (3:10):

E|–15–15-15—————————————————-14–14s15–|
B|————-19–19s12–12–12–12-12–13–13–13–13–15–15————-|
G|————————————————————————–|
D|————————————————————————–|
A|————————————————————————–|
E|————————————————————————–|

E|–15–15-15–15———————————————————–|
B|—————–19–19–19–19s12–12–12–12–12————————|
G|—————————————————-14–14–12————|
D|————————————————————————–|
A|————————————————————————–|
E|————————————————————————–|

I hope this article has been helpful to you. Feel free to leave any comments below. You may also send me some tips if you like my work and want to see more of such content. Funds […]

ImaginaryCTF April 2022 Write-up (Pwn)

Hi everyone! This article is on ImaginaryCTF, which is held every month. This month’s pwn challenges include a buffer overflow to overwrite a local variable, format string attacks (stack-based and heap-based) to overwrite a global variable, and ROP ret2libc using two GOT functions to leak the libc used and bypass libc ASLR. All these challenges are […]

NahamCon CTF 2022 Write-up (pwn)

Hi everyone! NahamCon CTF 2022 was held from 29/4-30/4. Before we begin, make sure you have pwntools and Python installed. Let’s get started!

1. Challenges

Babysteps - Buffer overflow with on-stack execution on a 32-bit C-based ELF program to obtain a shell. CALL EAX is used to jump to the start of the shellcode due […]

NahamCon CTF 2022 – Personnel Write-up (Web)

Hi everyone! NahamCon CTF 2022 was held from 29/4-30/4. This Personnel challenge is on regex injection to leak the flag. Let’s get started!

Files provided: app.py

Outlook of the website

We can see there is a search bar for us to input stuff. Looking at the HTML source code, we can see the form will […]

NahamCon CTF 2022 – babyrev (Reverse Engineering)

Hi everyone! NahamCon CTF 2022 was held from 29/4-30/4. This babyrev challenge is on reversing the encoding of the flag to decode it. Let’s get started!

Files provided: babyrev

You can download my reverse-engineered IDA Freeware 7.7 database file for babyrev here.

Overview

We can see that main() will prompt us for a username […]

b01lers CTF 2022 Write-up (Reverse Engineering)

Hi everyone! This post is on the reverse engineering challenges of b01lers CTF 2022, which was held on 23/4 – 24/4. The two write-ups in this post are on challenges that require us to write x64 assembly code based on the questions given at each level. Let’s get started!

1. extreme_64

Can you program in x86_64 assembly? Pass […]

b01lers CTF 2022 Write-up (Pwn)

Hi everyone! This post is on the pwn challenges of b01lers CTF 2022, which was held on 23/4 – 24/4. The pwn challenges are on using gets() and an overflow to bypass strcmp(), as well as a format string attack to leak the flag located in heap memory. Let’s get started!

1. gambler_overflow

Feeling luuuuuuuucky? You must create a flag.txt […]