Manu's Code & Hacking Port

write4 challenge of Rop Emporium

Over the past few days I have not enough time to write and play CTF games, but yesterday I had a little bit of time, so I searched a bit about websites which has challenges about exploiting, I found a lot of websites with these kind of challenges thus I chose one of them, ROP Emporium and the challenge Write4 (random).So, It is a writeup about this challenge, I have used peda and pwntools.Solution write4: ELF 64-bit LSB executable, x86-64, …

Momentos y decisiones

Existen momentos en la vida en los que hay que tomar decisiones, a veces podemos llegar a pensar que no no tenemos que elegir, y simplemente dejarsnos llevar, aunque amigos, esto también es tomar una decisión.Me estoy refiriendo a decisiones de verdad, no a la elección de que tipo de leche comprar en el supermercado, me refiero a decisiones de la vida. La vida de cualquier persona esta cambiando a cada segundo.De entre los 86400 segundos que tiene el día …

TUCTF 2018 - A couple of writeups

Last weekend I have played at TUCTF with my team PKTeam, We solved almost all challenges and enjoyed with these ones. Also, as I haven't written any writeups for a while, I chose to write two about exploiting. TUCTF  2018 - Canary 471 - Pwn Challenge Difficulty: easy I can fix overflows easy! I'll just make my own stack canary no problem. Just try and pwn this, I dare you nc 18.222.227.1 12345 Summary It is a pwn task where …

CSAW CTF Qualification Round 2018 - shell->code 100 - Pwn

Challenge Linked lists are great! They let you chain pieces of data together. nc pwn.chal.csaw.io 9005 File SummaryEasy pwning challenge where the program receives three inputs from the user. First two inputs are of 15 bytes each, and third input, which is where we can overwrite the instruction pointer with a buffer overflow. The trick of this challenge is that we just have 15 bytes (+15 bytes) where we can place our shellcode. Thus, we need to modify our shellcode …

MeePWN CTF Quals 2018 - babysandbox (100) - Pwn

Challenge Do you know Unicorn engine? Let's bypass my baby sandbox http://178.128.100.75/SummaryA web application which contains the web application source code, a binary and an input to send a payload to the binary.From the web application we can download the binary, the exploitation of the binary is easy because it has a call , where payload is the user input.So, the goal of this challenge is bypass the filter of the web application, basically, it is a python script which …