Stfort52

Google CTF 2022 treebox

Analysis

It's one of those python sandboxing problems. You enter python script, server evaluates....if it passes the filter function below.

def verify_secure(m):
  for x in ast.walk(m):
    match type(x):
 case (ast.Import|ast.ImportFrom|ast.Call):

Stfort52

GCTF 2022 segfault labyrinth

This is a write-up for task segfault labyrinth in google ctf 2022

Analysis

The problem is consisted with a single amd64 binary. What it does is simple. It just runs your shellcode with some limitations. For example, there is a seccomp filter which prevents you from getting new file descriptors.

 line  CODE  JT   JF      K
=================================
 0000: 0x20 0x00 0x00 0x00000004  A = arch

Stfort52

#ifndef __LIB_COLORS_H
#define __LIB_COLORS_H

#ifndef NO_COLORS

/**
 * ANSI Escapes for Normal Colors.
*/
#define BLK(TEXT) "\x1b[30m"TEXT"\x1b[0m"
#define RED(TEXT) "\x1b[31m"TEXT"\x1b[0m"

Stfort52

#!/bin/bash
# Print the biggest computing chunk
smax () 
{ 
    max_node="N/A";
    max_cores=0;
    for node in `sinfo --Node $*| awk 'BEGIN {FS=" "} {if(NR > 1) print $1}' | uniq`;
    do
        idle=`sinfo -o%C --nodes $node | awk 'BEGIN {FS="/"} {if(NR == 2) print $2}'`;
        if [ $idle -gt $max_cores ]; then

Stfort52

diff --git a/Makefile b/Makefile
index 5ac4ad6..4055a78 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@
 #  2/13/16
 # ***********************************************************************
 SAMTOOLS=./diffsplice/src/parse_bam/samtools-0.1.18/
-BOOST=./boost_1_60_0/
+BOOST=/usr/include/boost

Stfort52

A sample and extended code snippnet for copying data between kernel and userland. please refer to 3.1.5 Accessing User Memory(https://web.stanford.edu/~ouster/cgi-bin/cs140-spring18/pintos/pintos_3.html#SEC39) for more details.

Stfort52

gimmie: helper.c
	gcc helper.c -o gimmie -s
	rm gimmie.gz
	gzip --best --keep gimmie
	python mover.py > move.sh

Stfort52

zer0pts 2022 0av

This is a write-up for the task 0av from zer0pts CTF 2022.

Analysis

The problem provides a connection to a VM instance. There, you can find the flag file flag.txt under directory /playground. The flag file has all the permissions that you need, so you can just cat flag.txt to get the flag.

Of course not. In the background, there is an antivirus process called 0av running in root permissions, inspecting any file open attempts.

Stfort52

Codegate2022 Preliminaries ARVM

This is a write-up for the pwning task ARVM from Codegate2022 Preliminaries.

Analysis

This problem is basically an ARM32 emulator built on ARM32. In this program, we are allowed to run about 4000 bytes of shellcode. However, it wouldn't even be a challenge if that was all. The program analyzes the shellcode and emulates its behavior to verify it against some criteria.

To analyze the program, the program state is managed with the following structure.

Stfort52

SSTF 2021 SW Expert Academy

This is a write-up for the web? and pwning task SW Expert Academy from SSTF 2021

Analysis

In this problem we are given a website that presents an algorithm problem. In short, its about calculating a chance of winning in a dice game, where two 6-faced dices are given. For example, when a dice with faces 3, 4, 3, 4, 3, 4 and the other dice with 1, 1, 1, 1, 8, 9 are given, the program should print out 2/3 which is the chance of the first dice winning.

Actually, this is not really a coding challenge, as there are only three fixed test cases which are given as examples. The three test cases are given below.