2015/05/22

Small introduction to ROP and format string

As the title indicates, this is a very small introduction to return oriented programming (ROP) and format strings for people who don't yet know what these techniques are and what they are used for.

This post is meant for people who want to understand what these two exploitation techniques are, so experts will get bored just seeing the title :).

2015/05/21

Defcon 2015 Quals - babycmd writeup

We are given the following information and a binary to download:
babycmd_3ad28b10e8ab283d7df81795075f600b.quals.shallweplayaga.me:15491
$ file babycmd_3ad28b10e8ab283d7df81795075f600b
babycmd_3ad28b10e8ab283d7df81795075f600b: ELF 64-bit LSB  shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, stripped

$ checksec.sh --file babycmd_3ad28b10e8ab283d7df81795075f600b
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
No RELRO        Canary found      NX enabled    PIE enabled     No RPATH   No RUNPATH   babycmd_3ad28b10e8ab283d7df81795075f600b

Running the binary, it provides us with 3 functionalities: ping, host, dig

2015/05/19

Defcon 2015 Quals - mathwhiz solution

Category: Baby's First Points: 1

The information given to us:

mathwhiz_c951d46fed68687ad93a84e702800b7a.quals.shallweplayaga.me:21249
After connecting to it we can see it's giving us mathematical operations and waiting for the result. The solution is pretty easy: get the data, pass it to Python's eval, and return the result to the server.

Defcon 2015 Quals - Babyecho Writeup

This write-up is made by boogy of the on_est_pas_contents ctf team

This was a cool challenge which was worth 1 point. But nevertheless we enjoyed solving it. The binary is 32-bit and stripped:
2015/01/18

Ghost in the Shellcode 2015: Cloudfs writeup

Category: Forensics Points: 200
The file we were given is a pcapng file. To be able to read it with scapy we need to convert it to pcap. The easiest way is to use tcpdump, like so:
tcpdump -r cloudfs-31c938df3531611b82fddf0685784a2b67373305ec689015f193a555b756beb2 -w cloudfs.pcap
Then use scapy to extract all ICMP packets:

2015/01/08

Augmenting Binary Analysis with Python and Pin
Reverse engineering typically involves activities ranging from reading disassembly output to playing with debuggers. However, an often overlooked technique is making use of dynamic binary analysis frameworks.

In this talk, we will be looking at Intel's solution, Pin, and walk through how just about anyone can make great use of it. We will discuss reasons why more people should use these tools, some novel uses (including finding bugs and solving CTF challenges automatically), and even introduce our own Python bindings for Pin which will make writing Pin tools a breeze. Automated binary analysis is an extremely useful technique and we feel that the use of Python and Pin will make jumping in less intimidating.

We will also demonstrate the ease of use by showing some real world examples and tackling some commonly seen issues when dealing with binary analysis.