Posts

Showing posts from January, 2020

belgian-hackerolympiad-2017 exploitation write up \ (•◡•) / (day 72)

Welcome back to another PWN CTF. This time we will be looking at how to solve the exploitation challenge from the Hackerolympiad Thomas More & NVISO. Link to the binary: https://github.com/ctfs/write-ups-2017/tree/master/belgian-hackerolympiad-2017/exploitation/luigi First, let's try to execute it in order to get the big picture of the program workflow. Before executing the program, we need to make the binary executable using the chmod utility: ~# chmod +x challenge Uh-oh! It seems we are missing something, which leads to a segmentation fault. We need to gain more understanding to find out what we need to supply along with the binary so it won't crash on the next execution. We can use Ghidra to help us with this task; it lets us analyze the binary in detail by providing pseudocode of the program. After Ghidra finishes loading the binary, go to the main function and take a look at the disassembler window that contains the main function source code. One of the funct...

ARM buffer overflow: chapter 5 ಠ-ಠ (day 71)

Back again with another ARM buffer overflow; this post will pick up where we left off in the previous post. Last time, we talked about how to bypass NX protection, which makes the stack region non-executable, by constructing a ROP chain in our exploit, and we saw that using one anti-exploit mechanism alone may not be very effective: a couple of additional protections need to be added to make it more reliable. One of the additional protections usually enabled in a binary along with NX is ASLR, which stands for Address Space Layout Randomization. ASLR is responsible for randomizing the addresses used by the program, and this could bring trouble for us since in the previous chapter we always hardcoded our ROP addresses into the payload. Although ASLR and NX are a pretty good combination for thwarting exploits, we can still bypass these two protections together, by: Information leak, this is basically taking advantage of another vulnerability that lets us obtain information about the curre...

Android Challenge KGB Messenger :D (day 70)

It's been a while since I did an Android challenge, so I became curious and ended up searching around GitHub to find out if there was any challenge that caught my eye. Fortunately, I stumbled upon this challenge called "KGB messenger" (link: https://github.com/tlamb96/kgb_messenger ). Basically, it is a reverse engineering challenge that demands you find a flag inside the app. According to the description, the app itself has three levels that we must finish: Alerts (Medium) The app keeps giving us these pesky alerts when we start the app. We should investigate. Login (Easy) This is a recon challenge. All characters in the password are lowercase. Social Engineering (Hard) It looks like someone is bad at keeping secrets. They're probably susceptible to social engineering... what should I say? The background story goes like this: You are working for the International Secret Intelligence Service as a reverse engineer. This morning your team lead assigned you to ins...