Information category: pwn Description None Write-up Binary Analysis From reverse engineering the binary, we identified a function named doThing() that contains a call to the read() funct...

Information category: pwn points: 1000 Description None Write-up When running: λ ~/Desktop/CTF@NCSC/pwn/pwn2/ ./pwn202 Hey please enter the Secret password for lab 202 mr pwner: AAAA L...

Information category: pwn points: 1000 Description None Write-up This challenge is similar to the classic baby pwn challenge but with an important twist: the win function requires two p...

Information category: pwn points: 1000 Description None Write-up When running the challenge binary: λ ~/Desktop/CTF@NCSC/pwn/pwn1/ ./baby Welcome to babypwn challenge! Enter your input...

Information Category: Pwn Description None Write-up When we run the program, it takes user input. If we inspect it using Ghidra or IDA, we can see it uses gets(), which is dangerous due...

Information category: pwn Description Perform ROP when the stack frame returns to libc! Write-up Connecting to the Challenge When you connect to the server at 127.0.0.1 on port 1337 usin...

Information category: pwn Description Perform ROP against a network forkserver! Write-up Connecting to the Challenge When you connect to the server at 127.0.0.1 on port 1337 using nc, yo...

Information category: pwn Description Perform ROP when the function has a canary! Write-up PIE and Stack Canary — How Do We Bypass Them? This binary has two common protections enabled: ...

Information category: pwn Description Perform a partial overwrite to call the win function. Write-up So after running the challenge, we get a leak of the input buffer’s address. We’ll use...

Information category: pwn Description Defeat a stack canary in a PIE binary by utilizing a network-style fork server in the target binary. Write-up Like level15.0, this challenge follo...