InCTF 2017: stupidrop Writeup

Challenge Author: sherl0ck This challenge was originally meant to be solved using srop (SigReturn Oriented Programming). But it ended up having a bug with which it was possible to directly invoke the execve syscall. This write-up will be focusing on solving the challenge using srop. As usual, let's start off by checking the permissions of the given binary.... Continue Reading →


InCTF 2017: gryffindor pwn Writeup

Challenge Author - 4rbit3r The binary that was given was a 64-bit, dynamically linked, unstripped one. Checking its permissions - CANARY : ENABLED FORTIFY : disabled NX : ENABLED PIE : disabled RELRO : Partial Okay, nothing out of the ordinary here. The program is a standard menu-driven program to add, delete and edit... Continue Reading →

InCTF 2017: warm_heap pwn Writeup

Author: 4rbit3r Hello, this was a nice challenge from InCTF 2017, let's see how to get the exploit working. As usual, running checksec on the binary gives: Nothing much here, let us look at the program itself. It is a menu driven program with some basic functionalities: Add note Edit note Remove note View note These... Continue Reading →

InCTF 2017 : sort Writeup

Author: sherl0ck This CTF was organized by bi0s itself and was the first international edition of InCTF. The binary was 32-bit, statically linked and unstripped. Here are its permissions - CANARY : disabled FORTIFY : disabled NX : ENABLED PIE : disabled RELRO : Partial The executable was basically implementing a bubble sort algorithm. The sort... Continue Reading →

InCTF 2017 : Browse? Writeup

Challenge created by sh1v First of all, thanks to Jim Shaver, as the challenge was inspired by this blog. Initially we have a memory dump. On analysing it in volatility using the imageinfo plugin, we get to know that the memory dump is of Windows 7. Then on further analysis of the processes listed using the pslist... Continue Reading →

InCTF 2017: Warmup Pwn Writeup

Author: sg004 This was a simple challenge made to make the solver think. Hope you had fun doing it! 🙂 Let us first look at the protections enabled on the binary: NX is enabled so shellcode injection is not possible. The buffer overflow is apparent from the disassembly. There is a read call of 0x80... Continue Reading →

SEC-T CTF: G1bs0n Writeup

Solved by sh1v and sherl0ck First of all kudos to the admins for conducting such a great CTF. The challenges were really cool and we had loads of fun solving them. Now getting to this particular challenge, we were given a 326 MB file, which when unpacked, amounted to about 1.1 GB. We were told... Continue Reading →

CSAW Quals 2017: Zone Writeup

In this challenge we were given a 64-bit, dynamically linked, stripped LSB executable. First let's take a look at the protections enforced on the binary: gdb-peda$ checksec CANARY : ENABLED FORTIFY : disabled NX : ENABLED PIE : disabled RELRO : Partial Okay, so only Canary and NX. Now coming to the binary,... Continue Reading →
