This company is one of the top software companies in the world,
because every single employee knows that they are part of a whole.
Thus, if an employee has a problem, the company has a problem.
nc chal.ctf.b01lers.com 1014
this is a simple buffer overflow challenge, we need to pass the if condition, we have to set
%rax and %rbx to 0x0.
There is no Spoon
Neo: bend reality, and understand the truth of the matrix.
nc chal.ctf.b01lers.com 1006
another easy challenge, in this challenge we have to overwrite variable changeme
Would you still have broken it if I hadn't said anything?
nc chal.ctf.b01lers.com 1015
I am the third person to solve this challenge, another buffer overflow challenge.
in this challenge, we have to overwrite %rip to 0x401196
Next up, hack the matrix again, but this time, insert your own code.
nc chal.ctf.b01lers.com 1007
challenge source code:
this is a shellcode challenge I am the second person to solve this challenge,
we can only write 16byte shellcode to the .bss. in order to send our full shellcode we can
write a shellcode that can read from stdin and after that we send our shellcode to the last part of shellcode
See for Yourself
The matrix requires a more advanced trick this time. Hack it.
nc chal.ctf.b01lers.com 1008
I am the second person to solve this challenge, we can create a rop to set the address of “/bin/sh” to %rdi and call system from plt
Goodbye, Mr. Anderson
Do it again Neo. Cheat death.
nc chal.ctf.b01lers.com 1009
this is the tricky one, we can overwrite __libc_start_main using leak_stack_canary function
the binary itself use full protection and use libc version 2.31. which we can’t use one_gadget to solve this challenge.
in order to solve this challenge we need to leak canary, base pie and libc address
since we can only overwrite __libc_start_main in order to create a rop we can use add rsp, 8; ret; gadget
to get our rop working properly. pardon my crappy code.
Hmm....I hope you paid attention in class, spies!
since we were given a .so file, we can write a C code that load the .so file and call getflag function.
Once upon a time, there was a young Thumb Thumb named Juni. Juni was shy and had no self confidence,
until one day evil Thumb Thumbs kidnapped his spy Thumb Thumb Parents.
WANTED: EVIL THUMB THUMB. CRIME: KIDNAPPING. HAVE YOU SEEN THIS THUMB?
the flag is loaded from function thumblings_assemble, to dump the flag,
use gdb to debug the binary and set a breakpoint at thumblings_assemble+230 after that examine the value of %rsp+16 using gdb