Upon connecting to the server we are presented with the following options
I heard that tcache is pretty bad, but disabling it is pretty annoying.
But chunks that're greater than 0x408 don't go in tcache :)
class Solution: | |
def divide(self, dividend: int, divisor: int) -> int: | |
sign = 1 | |
if dividend < 0: | |
dividend = - dividend | |
sign = - sign | |
if divisor < 0: | |
sign = - sign | |
divisor = - divisor | |
piles = [[] for _ in range(divisor)] |
The correct code should match 'no\n'. Memory should be 'no\n\x00'. | |
This is the memory expression at the initial stack offset (it should be 'n') | |
mem: | |
memory 0x7fffffffffeff20 8 | |
If | |
| __eq__ | |
| | __add__ | |
| | | <BV64 0x7fffffffffeff20> |
So we're presented with a process where we can execute arbitrary shellcode (yay syscalls!) but are restricted in which syscalls we can make.
void setup_seccomp() {
scmp_filter_ctx ctx;
ctx = seccomp_init(SCMP_ACT_KILL);
int ret = 0;
ret |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(write), 0);
ret |= seccomp_rule_add(ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 0);
#!/bin/bash | |
input=$(mktemp /tmp/ghidra_input.txt.XXXXX) | |
output=$(mktemp /tmp/ghidra_output.txt.XXXXX) | |
directory=$(dirname $(realpath $0)) | |
tee $input | "$directory/decompile_real" | tee $output |
console.log("hello world"); | |
chrome.webRequest.onBeforeRequest.addListener( | |
function(details) { | |
console.log(details); | |
if (details.url.match(/test/) && details.method=="POST"){ | |
console.log("hi"); | |
} | |
}, |
{ | |
"manifest_version": 2, | |
"version":"1", | |
"name": "Test Extension", | |
"permissions": [ | |
"webRequest", | |
"webRequestBlocking", | |
"*://localhost:*/" | |
], | |
"background": |
So we're given a 16x16 minesweepr map, and need to beat it in under a minute. Time to use z3!
Z3 is a Symmetric Modulo Theory (SMT) solver. Essentially, it is able to solve logic puzzles. Our approach is to parse the map, and for each number encode that as a constraint.
Parsing the map, we first
We get presented with a login / register screen. Once
registered and logged in, we discover that we've
been given a login token cookie e4955d3a-2920-485c-ab85-232a96351872
.
If we paste that in to the form, we get "Not Admin..."
Following the Report Issues link we are given the opportunity to get the admin bot to visit an arbitrary url.