Tuesday, March 25, 2014

Exploits for recent pwning CTF tasks published

During the run time of any jeopardy CTF, I (j00ru) am always looking for pwning tasks to solve, due to my obvious interest in low-level vulnerability hunting and exploitation techniques. As a result, I usually end up allocating many of the tasks related to native software security to myself; on the other hand, I rarely have the time to create detailed write-ups on how the challenges are solved. In order to avoid a situation where all of my exploits only consume disk space but are never useful to anyone but me for as long as the CTF runs, I decided to publish some of them (recent ones that I was able to easily locate) in their raw form, without commentary other than the comments in Python code. While not very interesting to those who would like to enjoy a nice, technical afternoon read, I still believe the exploits might be of some use to those who tried but didn't manage to complete the tasks or players looking for different methods and techniques to include in their hacking arsenal.

Without further ado, the exploits are as follows:

Hack.lu CTF (2013)

Brezelparadisebackmaschine (Exploitation 500)

30C3 CTF (2013)

cwitscher (Exploitation 350)

Ghost in the Shellcode (2014)

gitsmsg (Exploitation 299)
Byte Sexual (Exploitation 600, with gynvael)

HackIM (2014)

Level 1 (Exploitation 100)
Level 2 (Exploitation 200)
Level 3 (Exploitation 300)
Level 4 (Exploitation 400)

Olympic CTF Sochi (2014)

echof (Exploitation 300)

Boston Key Party CTF (2014)

fruits (Exploitation 100, with redford)
jailbreak (Exploitation 400)

Insomni'hack CTF (2014)

bender (Exploitation 400)
domowars (Exploitation 600, with mak)


1 comment:

  1. First of all, thanks for publishing! And one question - do you have more exploits from Ghost In The Shellcode 2014? Regards,