Sunday, February 25, 2018

TAMUCTF: Bandaid

We are given a broken binary that claims it needs some fixin'! We can go about this two ways: patch the assembly so it executes as it should, or just force it to execute properly in GDB by setting the EIP to the function it is supposed to execute. I went with the latter method. Setting the EIP to the address for _Z2f2v, we continue...

TAMUCTF: Pwn 1 & 2

Pwn1: Disassembling the binary we are given, we can see there is a print_flag function that is preceded by a cmp instruction. We can perform a buffer overflow to manually enter the hex word "0xf007ba11" so that the comparison statement evaluates properly and the print_flag function is executed. Looking at the assembly we can determine that...

TAMUCTF: Enum

This was by far my favorite challenge of the CTF since it resembled a mini boot-to-root challenge (minus the actually getting root part...), which focused a lot (surprise, surprise) on enumeration. When we initially SSH in, we are dropped into a restricted shell, so first things first, to make it easier on ourselves, call /bin/bash with echo 'os.system("/bin/bash")'...

Tuesday, February 20, 2018

Basic Pentesting: 1 Walkthrough

It's been quite a while since doing a VM (been busy moving, new job, etc...), and I saw that a bunch of new ones had been uploaded to Vulnhub, so I finally got a chance to sit down and have some fun. Basic Pentesting: 1 was fun. Definitely geared towards beginners, but it made for an enjoyable night! Naturally, start with an arp-scan to determine...