Skip to content

Instantly share code, notes, and snippets.

View Stfort52's full-sized avatar

Jaehoon Baek Stfort52

17 followers · 15 following
  • POSTECH, Lab of Computational Biology
  • South Korea
  • 02:58 (UTC +09:00)
View GitHub Profile
@Stfort52
Stfort52 / LinkerChess.md
Last active August 11, 2021 07:20
Write-up for the challenge Linker Chess from OMH CTF 2021

OMH International CTF 2021 Linker Chess

This is a write-up for the misc challenge of the problem Linker Chess from OMH CTF 2021

Problem

In this problem, we are required to craft a linker script which spawns a shell. We can't manipulate anything from the compilation process, as the source code of the challenge is fixed as the problem script below.

@Stfort52
Stfort52 / Cellchat.md
Last active June 22, 2023 01:26
My R(Cellchat) environment

Cellchat R environment

build

docker-compose up --build

contains

  • Cellchat
  • xterm for plotting
@Stfort52
Stfort52 / _OilSystem.md
Created December 26, 2020 16:01
Xmas CTF 2020 Oil System

Xmas CTF 2020 Oil System

This is a write-up for challenge Oil system in Xmas CTF 2020.

Problem

We are provided with a binary called oil and a example custom script example for it.

Goal

@Stfort52
Stfort52 / PySandbox.md
Last active August 9, 2021 08:12
SECCON 2020 Yet Another PySandbox

SECCON 2020 Yet Another PySandbox

This is a write-up for the seccon 2020 sandbox challenge Yet Another PySandbox.

Problem

We are provided with a python script called run.py. We are required to break out of the restricted python environment.

Analysis

@Stfort52
Stfort52 / _syscallkit.md
Last active August 19, 2021 07:05
zer0pts 2020 Syscallkit

zer0pts2020/syscallkit

this is a zer0pts2020 writeup for the pwn task syscallkit.

problem

we are provided with binary called chall and its source code main.cpp. It's basically a system-call emulator, which lets you execute some system calls directly. But there are two limitations about it. Firstly, you can only execute system calls that it allows. juicy system calls like read, write...or execve is not allowed. Secondly, you can only execute 10 system calls.

goal

It's pwn problem. Besides getting a shell, what are you trying to do?

analysis

First things first, let's take a look at their blacklist.

int  Emulator::check() {
@Stfort52
Stfort52 / verifier.md
Created August 8, 2020 13:29
Codegate 2020 Quals Verifier

codegate 2020 teaser / verifier

This is the Write-Up from the CTF codegate 2020 teaser.

concept

This problem analyzes, predicts and executes the user's expression. Various expressions are supported, starting from arithmatic operations to things such as loops, conditionals, and randoms. User can create a variable, assign a value to it, or print its value. The After parsing the input without syntax errors, it predicts the script's behavior by simulating it, preventing malicous behaviours such as reference to an undefined variable, or print of a negative number, which is going to be our main topic. The behaviours of variables are predicted using a domain, which is really a domain of all the numbers that a variable can be.

For example, assigning the random from 1 to 10 will make the variable's domain to [1,10]. Using the ternary operator of x > 5 to x = [1, 10] will split this domain into two, a True domain of x = [6, 10] and a False domain of x = [1, 5]. And adding two doma

@Stfort52
Stfort52 / _variableMachine.md
Last active September 14, 2020 05:07
Defenit2020 Variable-Machine

Defenit2020 Variable-Machine

This is a writeup for the pwn challenge Variable-Machine in Defenit CTF 2020.

Problem

We are only provided with a binary called main .

Goal

Pwn problem. Get the shell

Analysis

As the name says, this program has a slot for 256 variables. There are three variable types, INT, CHAR, and STRING. They are all managed by a structure. I named it variable.

00000000 variable struc ; (sizeof=0x10, mappedto_9)