HSCTF Combo Chain Lite Pwn

This was a decent challenge for learning x64 ROP. We can notice a pointer to a memory block: the binary is intentionally leaking the system address. Looking at the disassembly of vuln, we can see a call to gets, so we can overwrite rip easily. The skeleton for this challenge is: fill buffer + base pointer + overwrite rip with ROP gadget […]

CBM_CTF -Reversing – Cryptoware

IDA Decompilation: I haven't reversed much C++. But still, I was trying to spend time with the binary to understand the logic. Key Points: 1) The binary does mod 95 before writing into v2, so the range is less than 96. 2) v14 is never used inside. 3) v13 is used for XOR encryption. v13 is computed from […]

CBM_CTF Hashish – Reversing

IDA Decompilation. Challenge Description: Hi, my friend made a hash algo which he thought was irreversible… however, he was on Manali Cream [hashish ;-)], so he printed something he should not print while making hashes. Below is the output of the given binary with the flag as input… get the flag. hash-0 : 138 hash-1 : 512 hash-2 : […]

CBM_CTF -pwn4

IDA Decompilation: I tried to implement the same function outside and got to know that we need to exploit the file descriptors. We can even write into the buffer by setting v5 to zero. (base) naveenezio@naveenselvan:~/Downloads/2019/CBM/457a1a2e03e87742f38f9c233b754f9b$ gcc sim.c sim.c: In function ‘main’: sim.c:10:3: warning: implicit declaration of function ‘__isoc99_scanf’ [-Wimplicit-function-declaration] __isoc99_scanf(“%d”, &v5); ^ sim.c:15:8: warning: […]

CBM_CTF -pwn5 Integer OverFlow Bug

I will try to explain this in a bit of detail in order to show why the exploit actually works. Main Function: Inferred Points From Decompilation: 1. It gets input in v4. 2. v5 is initialized with a value. 3. v4 + v5 should be less than or equal to 152. v5 is already initialized with a value greater […]

CBM_CTF -pwn3

Previously I hadn’t read the challenge description and got stuck with it. Only then did I understand it’s more or less a reversing challenge. After that, I solved this one. Description: reverse binary and submit key/number at: nc 35.231.63.121 1340 for flag. The main function doesn’t reveal anything useful. There is a function called gen_key. This […]