21
Apr
2014

PlaidCTF 2014 – harry_potter [300]

For PlaidCTF2014, Eindbazen and fail0verflow joined forces as 0xffa, the Final Fail Alliance. Don’t miss out on other write-ups at fail0verflow’s site!

The harry_potter pwnable is a network service that does not appear to do a whole lot:

$ nc 54.198.150.4 666
If you guess the password, I will give you a reward!

Running the binary in strace shows what is going on:
{Read More}

26
Feb
2012

CODEGATE 2012 – Vuln 500

Vuln500 is a basic format string vulnerability, which is made slightly more interesting by the fact that no functions are called after the printf() call. Dtors are also not called and ASLR is enabled.

{Read More}