badicsalex

Namespacefs

• Original Description
• The task
• Step 1: path check
• Step 2: sandboxed RCE
• Step 3: namespace and fsuid shenanigans
• Flag
• Exploit code

Original Description

A remote filesystem with protobufs and namespace-based security. You can find the flag at /home/user/flag (read-only by root)

badicsalex

Threading

• Original description
• The task
• The sandboxed language
• The attack surface
• Fun with undefined behaviour
• Solution

Original description

badicsalex

GoGo PowerSQL

Description

Pwn me

[service URL]

[.tar.gz of the service]

Type

🍊

badicsalex

Luatic

Description

Win the jackpot!

Type

🍊

(misc php redis lua pwn thing)

Code