blog.frizn.fr
FrizN - Posts - Posts by tag
http://blog.frizn.fr/posts/tags
Posts by tag (per-tag counts as listed; the tag names did not survive in this excerpt): 6 blog posts, 1 other 0daysober writeup; 1 blog post, 1 external resource; 23 blog posts, 2 other 0daysober writeups, 2 external resources; 19 blog posts, 2 other 0daysober writeups; 22 blog posts, 2 other 0daysober writeups, 2 external resources; 1 other 0daysober writeup; 30 blog posts, 2 other 0daysober writeups, 1 external resource; 1 other 0daysober writeup; 4 blog posts, 1 external resource; 7 blog posts, 1 other 0daysober writeup. Qwn2own - generic browser exploits. PlaidDB - pwn 550.
blog.frizn.fr
FrizN - BKP CTF 2014 - Risc_emu - pwn 100
http://blog.frizn.fr/bkpctf-2014/pwn-100-risc_emu
Risc emu - pwn 100. Zen garden - pwn 300. As its name suggests, risc emu is a small RISC CPU emulator, written in C and compiled for x64. It takes base64-encoded bytecode as input, which it then executes. The executable is modest in size, so I won't go into the details.

```python
#!/usr/bin/python
import socket
import base64
import struct

HOST = "54.218.22.41"
PORT = 4545
CMD = "id ; ls -al ; cat key"

s = socket.socket()
s.connect((HOST, PORT))  # connect() takes a single (host, port) tuple
```
re...System plt: diff ...
blog.frizn.fr
FrizN - Posts - All posts
http://blog.frizn.fr/posts
(March 2016) qwn2own - generic browser exploits. Vector corruption for browser exploitation.
(April 2015) PlaidDB - pwn 550. NUL off-by-one in the heap.
(March 2014) Risc emu - pwn 100.
(March 2014) Zen garden - pwn 300.
(December 2013) Poipoi service.
(October 2013) ELF - RE 400. Crackme Linux feat. ptrace, PLT and GOT.
(June 2013) Annyong - pwn 4. x64 remote stack overflow.
(April 2013) Ropasaurusrex - pwn 200. Basic ROP on a stack overflow.
(April 2013) Pork - pwn 250.
(April 2013) Servr - pwn 400.
(January ...
blog.frizn.fr
FrizN - Posts - Most recently published
http://blog.frizn.fr/posts/recent
(BKP CTF 2016) qwn2own - generic browser exploits. Vector corruption for browser exploitation.
(Plaid CTF 2015) PlaidDB - pwn 550. NUL off-by-one in the heap.
(BKP CTF 2014) Zen garden - pwn 300.
(BKP CTF 2014) Risc emu - pwn 100.
(ICTF 2013) Poipoi service.
(Hacklu 2013) ELF - RE 400. Crackme Linux feat. ptrace, PLT and GOT.
(Defcon 21 Quals) Annyong - pwn 4. x64 remote stack overflow.
(PlaidCTF 2013) Servr - pwn 400. x64 kernel SLUB overflow.
(PlaidCTF 2013) Pork - pwn 250.
(PlaidCTF 2013) Ropasaurusrex - pwn 200.
blog.frizn.fr
FrizN - FrizN - Bienvenue
http://blog.frizn.fr/fr/site
Excerpts from the latest published articles. [BKP CTF 2016] qwn2own - generic browser exploits. The challenge itself was distributed in this archive, which contained an x64/PIE/Full RELRO binary of a simple QT-based browser with a custom Javascript extension, "BKPDataBase". Basically, a database object can be used to create and manage data stores (vectors) or keyed stores (maps), as I think their example page illustrates well. [Plaid CTF 2015] PlaidDB - pwn 550. [BKP CTF 2014] Zen garden - pwn 300. [ICTF 2013] Po...
blog.frizn.fr
FrizN - iCTF 2013 - Poipoi service
http://blog.frizn.fr/ictf-2013/service-poipoi
The service listens on port 3335 as a classic accept/fork server. A simple netcat connection displays a menu, but the protocol seems a bit more complicated. The service manages users and POIs (Points of Interest, I guess). The child connection handler is execute_service(). The vulnerability we exploited was well hidden within a subcall of the help handler, the send_pag_help function: the name_beginning buffer is only 1 byte long, yet the recv_msg call asks for up to 50 bytes, so a client can overflow the stack. This chunk is on...
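The bug above is a fixed-size stack buffer fed by a read whose length is not tied to the buffer. The following C is an added example, not the Poipoi service's code or the writeup's exploit: it models recv_msg over a constructed in-memory message instead of a socket, computes how far a 50-byte read into a 1-byte buffer reaches past its end, and shows the length-bounded read a fixed handler would use. The names recv_msg_sim, recv_name_beginning, stored_for_capacity and the 50-byte payload are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the client socket: recv_msg_sim() reads from this
 * in-memory buffer the way the service's recv_msg() reads from the client fd. */
typedef struct {
    const char *data;
    size_t len;
    size_t pos;
} msg_source;

/* Simulated recv_msg(): copies up to `want` bytes into dst and returns the
 * count. Like recv(2), it is bounded by what the peer sent, not by the
 * size of the destination buffer; that is what makes the 50-byte request
 * dangerous when the destination is 1 byte. */
static size_t recv_msg_sim(msg_source *src, char *dst, size_t want)
{
    size_t avail = src->len - src->pos;
    size_t n = want < avail ? want : avail;
    memcpy(dst, src->data + src->pos, n);
    src->pos += n;
    return n;
}

/* The shape described in the writeup (sizes assumed from the text). */
#define NAME_BEGINNING_LEN 1   /* sizeof(name_beginning) in send_pag_help */
#define HELP_RECV_LEN      50  /* length handed to recv_msg */

/* Number of bytes a single read of `want` bytes can write past the end of a
 * `cap`-byte buffer. Computed, not triggered: the real overflow is undefined
 * behaviour and would corrupt this program's own stack. */
size_t overflow_bytes(size_t cap, size_t want)
{
    return want > cap ? want - cap : 0;
}

/* Vulnerable pattern, shown for reference and never executed here:
 *
 *   char name_beginning[1];
 *   recv_msg(fd, name_beginning, 50);   // up to 49 bytes land past the buffer
 */

/* Hardened read (added example, not the service's fix): the requested length
 * is derived from the destination and leaves room for a terminating NUL.
 * Returns the number of name bytes stored, or -1 if the buffer is too small
 * to hold anything but the NUL. */
int recv_name_beginning(msg_source *src, char *name_beginning, size_t cap)
{
    if (cap < 2)
        return -1;
    size_t want = cap - 1;                       /* never exceeds the buffer */
    size_t n = recv_msg_sim(src, name_beginning, want);
    name_beginning[n] = '\0';
    return (int)n;
}

/* Feeds a constructed 50-byte client message ('A' * 50) into a destination of
 * `cap` bytes through the hardened read and reports how many bytes were kept. */
int stored_for_capacity(size_t cap)
{
    char payload[HELP_RECV_LEN];
    memset(payload, 'A', sizeof payload);        /* constructed sample input */
    msg_source src = { payload, sizeof payload, 0 };
    char buf[64];
    if (cap > sizeof buf)
        return -1;
    return recv_name_beginning(&src, buf, cap);
}

int main(void)
{
    printf("bytes written past a %d-byte buffer by a %d-byte read: %zu\n",
           NAME_BEGINNING_LEN, HELP_RECV_LEN,
           overflow_bytes(NAME_BEGINNING_LEN, HELP_RECV_LEN));
    printf("hardened read, 1-byte buffer:  %d\n", stored_for_capacity(1));
    printf("hardened read, 8-byte buffer:  %d\n", stored_for_capacity(8));
    printf("hardened read, 64-byte buffer: %d\n", stored_for_capacity(64));
    return 0;
}
```

The check a reviewer wants is the one in recv_name_beginning: the length passed to the read comes from sizeof the destination, so the peer's message length can only shorten the read, never lengthen it.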
blog.frizn.fr
FrizN - iCTF 2011 - iCTF 2011 writeups
http://blog.frizn.fr/ictf-2011
Nuit du Hack Public Wargame 2011 writeups. Nuit du Hack Prequals 2012 writeups.
Challenge 33 - Forensics 100. Basic file carving.
Challenge 17 - ASM 133786. A custom ASM.
Challenge 31 - Reverse 150.
Challenge 25 - Reverse 150. Basic executable patching.
Challenge 32 - Reverse 250.
Challenge 30 - Reverse 500.
Challenge 29 - Reverse 800. Python local module import.
Heap overflow, function pointer overwrite. Heap overflow, 4-byte write-anywhere.
blog.frizn.fr
FrizN - FrizN - Welcome
http://blog.frizn.fr/site
[BKP CTF 2016] qwn2own - generic browser exploits. The challenge itself was distributed in this archive, which contained an x64/PIE/Full RELRO binary of a simple QT-based browser with a custom Javascript extension, "BKPDataBase". Basically, a database object can be used to create and manage data stores (vectors) or keyed stores (maps), as I think their example page illustrates well. [Plaid CTF 2015] PlaidDB - pwn 550. It is an x64 stripped executable, compiled with full RELRO, PIE and NX support. Its libc...
blog.frizn.fr
FrizN - FrizN - Welcome
http://blog.frizn.fr/en/site