Small Brainfuck reversing challenge @ Grehack2024 - WTBF

Difficulty: Medium
Description: WTF is going on here?
Author: Olivier
For this challenge, we’re given a single text file:
++++++++++++++[>+++>+++>+++>++++++>+++<<<<<-]
>>+++++>++++++>++++++++>>++++++++++++++++++
[>++++++>+++++>+++>++++>++++++++>+++++>++++++++
>+++>+++++++++++>+++++++>++>++++>++++++++>+++++++++++
+>++++++>++++++++++++>+++++++++++<<<<<<<<<<<<<<<<<-]
>++++++++++++>++++++++++>>+++>++++>++++++++++++>+>+++++++++++++++>+>
++++++++++>+++++++++>+++>++++>++++++++++++++++>++++++>+>++++++++++++++++
[>>,[<+++>-]<+[<->-]<[]<]
<
[.<]
This is clearly Brainfuck code. The first step is to convert it to another language. Many converters can be found online, such as Brainfuck-to-C converters. Once converted, it is easier to split the program into three parts....

November 16, 2024 · 3 min · qt1b

HKCERT24 - Flag Hasher

As this challenge already has [an official writeup](https://hackmd.io/@blackb6a/hkcert-ctf-2024-ii-en-07128acbc80dd0a4#Pwn-Flag-hasher), please consider this page as some notes on building the payload.
1 - Looping the connection
- index for a linear lookup of the memory’s contents
- while loop checking if an error occurs
- if it occurs, stop for some time before reconnecting
2 - Converting the received hash
Pretty straightforward, but there are some pitfalls to avoid due to Python’s handling of the bytes type:...

November 9, 2024 · 2 min · qt1b

buckeye2024 - pwn / runway3

Challenge’s files
PWN (beginner) - runway3
a look at canaries, stack alignment and basic
This is the last challenge tagged for beginners. We are given both the binary and the source code. By running file on the binary:
By using checksec on the binary, we can see the following:
Arch: amd64-64-little
RELRO: Partial RELRO
Stack: Canary found
NX: NX enabled
PIE: No PIE (0x400000)
What matters here is that a canary is found in the binary....

October 3, 2024 · 8 min · qt1b

Asis 2024 - misc / detic

name : detic
category : misc
Objective
The goal of this challenge is to find a point on Earth that is equidistant from three given locations on earth. When we connect to the instance, we get the following message:
| Hi, as a `ASIS` driver, you should be in a position where you are |
| exactly the same distance from three passengers in Iran. We will |
| calculate this distance with an accuracy of ten meters....

September 22, 2024 · 4 min · qt1b

pwndbg cheatsheet

pwndbg is a collection of gdb plugins that facilitate pwn and reversing in GDB.
Official Cheatsheet
hexdump [address] [number of bytes]
dumps [number of bytes] bytes of memory starting at [address]
canaries
prints info about the canaries found in the binary and their addresses.

1 min · qt1b

pwntools cheatsheet

Links
Complete Cheatsheet w/ examples
Official Doc
Binaries
p = process('./binary')
e = ELF('./binary')
creates an ELF object, allowing you to access symbols, addresses…
rop = ROP(e)
Dealing with Network
Netcat
When you’re given a nc <address> <port> command, its equivalent is
r = remote(address, port)
Strings != Bytes
pwntools reference
To convert a string to a bytes array, use s.encode('charmap'), where s is your string.

1 min · qt1b