ImaginaryCTF April 2022 Write-up (Pwn)

Hi everyone! This article is on ImaginaryCTF, which is held every month. This month’s pwn challenges cover a buffer overflow to overwrite a local variable, format string attacks (stack-based and heap-based) to overwrite a global variable, and a ROP ret2libc using two GOT functions to leak the libc in use and bypass libc ASLR. All these challenges are […]

b01lers CTF 2022 Write-up (Pwn)

Hi everyone! This post is on the pwn challenges of b01lers CTF 2022, which was held on 23/4 – 24/4. The pwn challenges involve using gets() and an overflow to bypass strcmp(), as well as a format string attack to leak the flag located in heap memory. Let’s get started! 1. gambler_overflow: Feeling luuuuuuuucky? You must create a flag.txt […]

HackTheBox – Racecar Write-up

Hi everyone! Today’s writeup is on Racecar, a very easy pwn (binary exploitation) challenge on HackTheBox. This challenge is on a format string attack. Let’s get started! Files: Given file: racecar (ELF file). Scripts/database made by me: leakflag.py, IDA database. Tools required: Linux, Netcat, Ghidra, IDA (Freeware/Education/Pro), Python3, Pwntools. Outlook: There are many paths to choose […]