02 Oct 2011

RWTH-CTF 2011 ps3game

Introduction

The ps3game.c program looks pretty simple to exploit: it receives code from the network, executes it, and sends back the response. So… just send your shellcode and you’re done, right?

Not quite :-)

01 Oct 2011

RWTH-CTF 2011 mysocksd

The vulnerability

The mysocksd binary is a SOCKS5 proxy written in C++. The binary is vulnerable
to an integer overflow when using SOCKS5's feature of connecting to a remote
host by specifying a domain name. The domain name length is specified using a
single byte, which overflows when set to '\xff'. This in turn leads to a
heap overflow. So, suspecting a classic unlink attack, we first check where it
crashes. :-)