Kernel kickstart
Environment setup #!/bin/bash mkdir initramfs cp initramfs.cpio.gz initramfs cd initramfs gzip -d initramfs.cpio.gz cpio -idmv < initramfs.cpio rm initramfs.cpio cd .. #!/bin/bash cd initramf...
Background Suppose you have pwned a process and can execute your ROP chain. That seems great at first, because now you can pop a shell, right? But what if: You don’t have enough gadgets for popp...
Arena An arena is a memory management structure in glibc’s malloc implementation that manages a contiguous region of memory from the heap. It organizes memory into chunks, provides synchroniza...
This series is about the GNU allocator. Some information might be incorrect, as I am creating these posts while learning myself. What is heap? Heap Heap is a region of memory divided i...
Vault Fault Explanation Solution #include <stdio.h> #include <stdlib.h> #include <time.h> int main() { srand(time(NULL) / 5); printf("%c", rand() % 256); } #!/usr/...
Explanation Solution // Compile with: musl-gcc -static -o exploit exploit.c #include <fcntl.h> #include <pthread.h> #include <stdbool.h> #include <stddef.h> #include <...
Baby pwn Here’s a baby pwn challenge for you to try out. Can you get the flag? nc 34.162.142.123 5000 Author: atom void secret() { printf("Congratulations! Here is your flag: "); ...
I will keep updating this as and when I learn more. I assume you are already familiar and comfortable with the Linux ecosystem and the CLI. If not, get yourself familiar :D When I started...
jail/javajail1 Good luck getting anything to run. nc chal.amt.rs 2103 Analysis #!/usr/local/bin/python3 import subprocess BANNED = ['import', 'class', 'Main', '{', '}'] # good luck gett...
Overall a very nice CTF with a good difficulty curve and well made challenges. I managed to solve 7/10 pwn and 1 reversing challenge. pwn/Tutorial Before we start, practice time! Attachment:...