Added CSAW Diary 2013 writeup #31

Open
wants to merge 8 commits into
base: master

@symeonp symeonp commented Mar 29, 2015

This is the writeup for CSAW CTF Quals 2013 Exploitation 300

symeonp and others added 8 commits March 8, 2015 23:08
Fancy Cache was a Master Challenge for PicoCTF worth 200 points. The
aim was to exploit a use-after-free vulnerability.
This is the writeup for CSAW CTF Quals 2013 Exploitation 300
This is the writeup for CSAW CTF Quals 2013 Exploitation 300
Switch to socket reuse shellcode
This writeup needs more work, will review it at some phase.
@zachriggle
Member

I don't see your submission on the GSoC Melange website. Which name did you use for your submission?

@symeonp
Author

symeonp commented Mar 30, 2015

Hey, I can't apply: I am not a student anymore. I just want to contribute because I learn.

@zachriggle
Member

Ah cool, thanks! :)

p = process('./fil_chal')
sleep(0.5)
binary = ELF("./fil_chal")
plt_read = binary.plt['read'] # read@plt: call 80486e0
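
Review bot: the fixed `sleep(0.5)` right after `process('./fil_chal')` makes the script timing-dependent, so on a slow or loaded machine the target may not be ready when the next step runs. Consider waiting on something observable instead, such as expected output from the process, so a startup problem fails loudly rather than intermittently. The path `./fil_chal` is also written out twice here (once for `process`, once for `ELF`) with different quote styles; binding it to one variable keeps the two in sync. The hard-coded address in the `read@plt` comment will go stale if the binary changes, since `binary.plt['read']` already resolves it.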
Member

Looks like this is specified twice? It's the same local or remote.

@zachriggle
Member

You should check out some of the other write-ups. They're all split into "doit.py" with the exploit logic, and "harness.py" which is responsible for creating a flag on disk, starting the challenge server, and verifying that you can read/write the flag after the exploit has finished.
