Published onJuly 18, 2023AmateurCTF '23 - Pwn - Elfcrafting-V1ctfpwnamateurctfamateurctf23writeupelfelfcrafting-v1memfd_createfexecveSending a shebang to let fexecve execute a command for us and get the flag.
Published onJuly 18, 2023AmateurCTF '23 - Pwn - Elfcrafting-V2ctfpwnamateurctfamateurctf23writeupelfelfcrafting-v2memfd_createfexecveshellcodeasmCrafting a custom ELF binary in assembly to execute /bin/sh and inject that inside the file descriptor using memfd_create and fexecve.
Published onJuly 18, 2023AmateurCTF '23 - Pwn - RNTKctfpwnamateurctfamateurctf23writeuprntkrandom-numbercanaryExploiting srand(time(NULL)) to match the generated canary and then overflowing a buffer by generating another random number.
Published onJuly 18, 2023AmateurCTF '23 - Web - Funny Factorialsctfwebamateurctfamateurctf23writeuplfiUtilizing LFI in the theme parameter to get the flag.
Published onJuly 18, 2023AmateurCTF '23 - Web - Latekctfwebamateurctfamateurctf23writeuplfilatexpdftexUtilizing Latex to read files from the local system.
Published onJuly 18, 2023AmateurCTF '23 - Web - Waiting an Eternityctfwebamateurctfamateurctf23writeupinteger-overflowflaskUtilizing integer overflow in the cookie to make the web-app wait for -inf time.