ROP Phobia 500 I know, I know everyone has their own fears. Check if you have ROP Phobia or not? If so, overcome it :) Connection: nc pwn1.blitzhack.xyz 1337 Author: 0x1337 Team: Weak But Leet Attachment: public.zip xpl.py Enter student name: a Enter student major: b 1. Add Courses 2. Show Details 3. Remove Course 4. View Course 5. Submit Project 6. Exit > Looks like your usual note challenge at first, but as the name suggests, it’s a ROP challenge and that will be happening in Submit Projec...| kileak
Shellphobia 500 Pwn I know, I know everyone has their own fears. Check if you have Shellphobia or not? If so, overcome it :) nc pwn.blitzhack.xyz 1337 Author: Kaiz0r Team: Weak But Leet Attachment: public.zip xpl.py ...| kileak
World Wide CTF 2024 - Free My Man Pascal| kileak.github.io
World Wide CTF 2024 - CTF Registration 500 / hard Author: nosiume I’m finally making my own ctf competition! I wanted to make sure that my registration system is safe and since I know from past ctf experience that glibc malloc is very easy to exploit; I decided to use a different allocator :) nc ctf-registration.chal.wwctf.com 1337 Team: Weak But Leet Attachment: ctf_registration.zip xpl.py ...| kileak
SECCON CTF 13 Quals - TOY/2 author: ptr-yudai TOY/2 is a minimalist 16 bit CPU. nc toy-2.seccon.games 5000 Team: Super Guesser Attachment: TOY_2.tar.gz xpl.py int main() { VM *vm = new VM(); std::setbuf(stdin, NULL); std::setbuf(stdout, NULL); for (Addr i = 0; i < MEM_SIZE; i++) if (fread(&vm->at(i), 1, 1, stdin) <= 0) break; std::cout << "[+] Running..." << std::endl; try { vm->run(0); } catch (const std::exception &e) { std::cout << "[-] Error: " << e.what() << std::endl; } std::cout << "[+] Done." << std::endl; vm->dump_registers(); delete vm; retur...| kileak
SECCON CTF 13 Quals - BabyQEMU author: ShiftCrops nc babyqemu.seccon.games 3824 Team: Super Guesser Attachment: BabyQEMU.tar.gz xpl.py pwn.c BabyQEMU was a nice entry-level challenge to learn about QEMU escape. It provided a PCI device, babydev, which allowed reading and writing memory via MMIO access. static uint64_t pci_babydev_mmio_read(void *opaque, hwaddr addr, unsigned size) { PCIBabyDevState *ms = opaque; struct PCIBabyDevReg *reg = ms->reg_mmio; debug_printf("addr:%lx, size:%d\n", addr, size); switch (addr) { case MMIO_G...| kileak
UNbreakable International 2024 - strground| kileak.github.io
PatriotCTF 2024 - DirtyFetch Solves: 9 (expert - 484) My kernel is your kernel. Well, some of it. Here’s ioctl. Author: Dylan (elbee3779) nc chal.competitivecyber.club 8886 Team: Weak But Leet Attachment: dirty_fetch.tar.gz pwn.c DirtyFetch had a simple race condition in its kernel module, which could be used to overflow the stack and ROP. The module was accessible via ioctl and provided functionality to (0x10) set a max length for requests to be read/write (0x20) allocate a storage buffer, w...| kileak
Equinor CTF 2023 - Travel Tracker| kileak.github.io
SunshineCTF 2023 - Robot Assembly Line| kileak.github.io