pwn

blog status

2022-11-23 By qld

As it turns out, I had a hard time going getting the knack to finish these challenges after a needed vacation time. Turns out, the time I don't allocate to my job is now filled with practical hands-on (as in: physically pouring concrete, not as in downloading sample material from …
read more
More format strings

2022-11-07 By qld

Intro on printf vulns

First of all, some links. printf abuses have been extensively documented now, see https://tinyhack.com/2014/03/12/implementing-a-web-server-in-a-single-printf-call/ for the infamous "web-server-in-a-single-printf-call" headline, which turns out to just be a hardcoded shellcode that serves a hello world. We could have actual turing machines in …
read more
Definitely not hacking a Timio player
2022-10-23 By qld
First of all, apologies, this blog post looks like a mess. It contains my raw process from 0 knowledge to achieving an arbitrary britney output primitive on the TIMIO child device. If you're not interested in the thought process, here it is:
- rubberband the audio x2.75 to elevate pitch …
read more
Using existing code
2022-10-20 By qld
I couldn't find enough time to finish that challenge yesterday. Turns out my chickens did escape. Good news, they came back on their own this morning, hence the extra time for this challenge.

Stuff I learned:
- gef is excellent https://github.com/hugsy/gef, provides proper view of what's going …
read more
Properly exploiting format strings
2022-10-18 By qld
That paper really covers the subject properly.
- https://cs155.stanford.edu/papers/formatstring-1.2.pdf - Exploiting Format String Vulnerabilities
Stuff I learned today:
- my payload started not working as soon as 0x20 was in some p32(address) representation because I forgot quotes around the xxd wrapper payload, causing the space …
read more
Automating X11 clipboard content
2022-10-17 By qld
Ahh, Stanford. I'm starting a format string binary now.
- https://cs155.stanford.edu/papers/formatstring-1.2.pdf - Exploiting Format String Vulnerabilities
- http://phrack.org/issues/49/14.html#article - Smashing The Stack For Fun And Profit
- http://phrack.org/issues/60/10.html - Basic Integer Overflows
- http://phrack.org/issues …
read more
ThePirateBay.exe

2022-10-17 By qld
read more
Shellcode on the stack and syscalls

2022-10-14 By qld
read more
Simple execve template
2022-10-13 By qld
A single challenge tonight, busy day. This one went easier than expected, no fiddling with offsets or planting binaries. Have I shown you that piece of code I got ready just in case, thanks to man execve ?
/* execve.c */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> int main …
read more
Simple shellcode and automation
2022-10-12 By qld
So, time to step up, there was no real binary exploitation so far, just some staring at the binaries and scripting with pwntools. These are gentle introductions to binary exploitation.
Arch: i386-32-little RELRO: Partial RELRO Stack: No canary found NX: NX disabled PIE: No PIE (0x8048000) RWX: Has …
read more