
vic vic511

@vic511
vic511 / Readme.md
Last active May 3, 2021 16:08
FCSC 2021 quals - Reporter pwn challenge

Reporter writeup

We are facing an ELF 64-bit binary.

$ checksec fcsc_browser
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found
    NX:       NX disabled
@vic511
vic511 / Readme.md
Last active May 3, 2021 16:07
FCSC 2021 quals - VMV reverse challenge

VMV writeup

Architecture

We are facing a stripped ELF 64-bit binary. It accepts a command-line parameter, most likely the password to be checked. We notice the binary takes a long time to execute before notifying us of a failure.

As the name suggests, we are going to consider the binary is actually an

Challenge accepted

Context

This is the solution for the coding challenge Challenge accepted from Sogeti CTF qualifications 2019.

Explanation

The Python code of a server is given.

@vic511
vic511 / Readme.md
Last active February 25, 2019 00:14
Solving script for the NotBad.exe web challenge from Sogeti CTF quals 2019

NotBad.exe

Context

This is the code used to solve the NotBad.exe web challenge from Sogeti CTF qualifications 2019.

Explanation

There is a second-order SQL injection in the username, triggered while retrieving the current user's notes. The Python script is a REPL shell you can script to test your payloads.

class Labyrinth:
    MSG_WALL = 'STOMP ! You hit a wall, you stay at your last position'
    MSG_OK = 'OK - your new position is'
    DIRECTIONS = {
        'N' : (0, 1),
        'S' : (0, -1),
        'W' : (-1, 0),
        'E' : (1, 0)
    }
    INVERTED = {

#!/usr/bin/env python
# coding: utf-8
from pwn import *
class Exploit:
    def __init__(self, args):
        if len(args) == 1:
            self._func = process
        else:
@vic511
vic511 / Makefile
Last active August 29, 2017 19:49
Dynamic reloading PoC
CC = gcc
CFLAGS = -Wall -Wextra -std=gnu99
LDFLAGS = -ldl
RM = rm -f
poc: poc.o first.so second.so