pwn360
Information category: pwn points: 1000 Description None Write-up This challenge provides a way to leak memory directly from the stack using a controlled index. With this capability, we ...
Information category: pwn points: 1000 Description None Write-up We start by analyzing the binary’s control flow. The vulnerable function vuln() reads user input using the read() syscal...
Information category: pwn Description None Write-up Binary Analysis From reverse engineering the binary, we identified a function named doThing() that contains a call to the read() funct...
Information category: pwn points: 1000 Description None Write-up When running: λ ~/Desktop/CTF@NCSC/pwn/pwn2/ ./pwn202 Hey please enter the Secret password for lab 202 mr pwner: AAAA L...
Information category: pwn points: 1000 Description None Write-up This challenge is similar to the classic baby pwn challenge but with an important twist: the win function requires two p...
Information category: pwn points: 1000 Description None Write-up When running the challenge binary: λ ~/Desktop/CTF@NCSC/pwn/pwn1/ ./baby Welcome to babypwn challenge! Enter your input...
Information Category: Pwn Description None Write-up When we run the program, it takes user input. If we inspect it using Ghidra or IDA, we can see it uses gets(), which is dangerous due...
Information category: pwn Description Perform ROP when the stack frame returns to libc! Write-up Connecting to the Challenge When you connect to the server at 127.0.0.1 on port 1337 usin...
Information category: pwn Description Perform ROP against a network forkserver! Write-up Connecting to the Challenge When you connect to the server at 127.0.0.1 on port 1337 using nc, yo...
Information category: pwn Description Perform ROP when the function has a canary! Write-up PIE and Stack Canary — How Do We Bypass Them? This binary has two common protections enabled: ...