This was a two part challenge, and I have to cover the vulnerability for the web version as well because its used in the final exploit for RCE.
Files can be found here.
The create() function is as follows:
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from pwn import * | |
| elf = ELF("./chall") | |
| libc = ELF("./libc.so.6") | |
| #p = process("./chall", env = {"LD_PRELOAD": "./libc.so.6"}) | |
| p = remote("pwn.ctf.zer0pts.com", 9002) | |
| format_str = 0x602100 |
farazsth98
/ not_beginners_stack.py
Created
March 7, 2021 12:04
zer0pts CTF 2021 - Not Beginners Stack
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| from pwn import * | |
| #p = process("./chall") | |
| p = remote("pwn.ctf.zer0pts.com", 9011) | |
| #gdb.attach(p) | |
| # Overwrite rbp with return address array + some offset |
You can find the challenge files here.
Hackers always love base64.
nc 185.14.184.242 9990
This challenge provided a binary that took some input from the user, and either base64 encoded or base64 decoded it.
farazsth98
/ 1-writeup.md
Last active
January 30, 2024 21:17
SafeBridge Writeup: See 1-writeup.md for short description of the bug and attack path.
All challenge files + exploit can be found here: https://github.com/farazsth98/CTF/tree/master/realworldctf-2024/safebridge
The setup of the challenge is as follows:
- Two bridge contracts deployed on L1 and L2.
- WETH is deployed on L2 at hardcoded address
L2_WETH. - The deployer has already transferred 2 WETH from L1 to L2, so the L1 bridge has 2 WETH in it.
- The objective is to drain the L1 bridge.
OlderNewer