Skip to content

Latest commit

 

History

History
 
 

pwnable

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
0001_2017_Meepwn_anotherarena
0001_2017_Meepwn_anotherarena
 
 
0002_2017_HUST_RR2L
0002_2017_HUST_RR2L
 
 
0003_2017_HUST_wind
0003_2017_HUST_wind
 
 
0004_2017_0ctf_babyheap
0004_2017_0ctf_babyheap
 
 
0005_2017_0ctf_EasiestPrintf
0005_2017_0ctf_EasiestPrintf
 
 
0006_2017_bkp_memo
0006_2017_bkp_memo
 
 
0007_2016_openCTF_tyroheap
0007_2016_openCTF_tyroheap
 
 
0008_2017_0ctf_diethard
0008_2017_0ctf_diethard
 
 
0009_2017_bctf_bcloud
0009_2017_bctf_bcloud
 
 
0010_2017_RCTF_aiRcraft
0010_2017_RCTF_aiRcraft
 
 
0011_2017_h3x0r_MicForPwn
0011_2017_h3x0r_MicForPwn
 
 
0012_2017_bugsbunny_pwn50
0012_2017_bugsbunny_pwn50
 
 
0013_2017_bugsbunny_pwn100
0013_2017_bugsbunny_pwn100
 
 
0014_2017_bugsbunny_pwn150
0014_2017_bugsbunny_pwn150
 
 
0015_2017_bugsbunny_pwn200
0015_2017_bugsbunny_pwn200
 
 
0016_2017_bugsbunny_pwn250
0016_2017_bugsbunny_pwn250
 
 
0017_2017_bugsbunny_pwn300
0017_2017_bugsbunny_pwn300
 
 
0018_2017_SHA_Megan35
0018_2017_SHA_Megan35
 
 
0019_2017_SHA_echoservice
0019_2017_SHA_echoservice
 
 
0020_2015_32C3_teufel
0020_2015_32C3_teufel
 
 
0021_2015_MMA_RPS
0021_2015_MMA_RPS
 
 
0022_2017_TWCTF_JustDoIt
0022_2017_TWCTF_JustDoIt
 
 
0023_2017_Asis_MrsHudson
0023_2017_Asis_MrsHudson
 
 
0024_2017_Asis_GregLestrade
0024_2017_Asis_GregLestrade
 
 
0025_2017_Hacklu_bit
0025_2017_Hacklu_bit
 
 
0026_2017_Hacklu_exam
0026_2017_Hacklu_exam
 
 
0027_2017_Hacklu_HeapHeaven
0027_2017_Hacklu_HeapHeaven
 
 
README.md
README.md
 
 

README.md

Pwnable Challenges

  • 2017 Meepwn anotherarena
    • not working yet
  • 2017 HUST RR2L
    • solved but not working yet
  • 2017 HUST wind
    • solved but not working yet
  • 2017 0ctf babyheap
    • x86-64 | FULL RELRO | NX | PIE
    • heap (overlay fast bin and small bin)
  • 2017 0ctf EasiestPrintf
    • TODO: there is execution problem
    • i386 application running on debian
    • FSB
    • printf malloc, free condition (width)
  • 2017 BostonKeyParty memo
    • x86-64 | FULL RELO | NX
    • heap (fast bin)
    • logic bug to leak the libc address
  • 2016 openCTF tyro_heap
    • i386 | NX
    • heap buffer overflow
    • overwrite function pointer
  • 2017 0ctf diethard
    • x86-64 | NX
    • custom heap (?)
  • 2016 bctf bcloud
    • i386 | NX
    • heap (House of force)
    • leak by got overwritten
  • 2017 RCTF aiRcraft
    • amd64 | NX | PIE | Partial Relro
    • Heap Exploit
    • double-free
    • use-after-free
    • overwritten function ptr
  • 2017 h3x0r mic for pwn
    • i386 | NX | SSP
    • Format String Bug (FSB)
    • Leak memory by SSP
  • 2017 bugsbunny Pwn50
    • Simple Pwnable Challenge
  • 2017 bugsbunny Pwn100
    • i386
    • return to shellcode
  • 2017 bugsbunny Pwn150
    • x86_64 simple stack bof
    • gdb : set follow-fork-mode [child | parent]
  • 2017 bugsbunny Pwn200
    • overwrite got
  • 2017 bugsbunny Pwn250
    • 64bit One-shot gadget
    • rdi, rsi, edx
  • 2017 bugsbunny Pwn300
    • tired to make the shellcode.... :(
    • 64bit shellcode
    • Alphanumeric shellcode
  • 2017 SHA Megan-35
    • Megan-35 encoder
    • FSB
    • one-shot gadget in 32bit libc
  • 2017 SHA Echo Service
    • amd64 | FULL RELRO | NX | SSP | PIE
    • Object-c
    • FSB (but Object-c version)
    • construct fake frame
  • 2015 32C3 teufel
    • Virtual Memory Privilege
    • Stack overflow/underflow
  • 2015 MMA RPS
    • overwrite random seed
    • Pwntools(ctypes)
  • 2017 TWCTF Just Do It
    • 32bit ELF
    • overwrite local variable
  • 2017 Asis Mrs. Hudson
    • 64bit ELF
    • 64bit ROP Gadget
  • 2017 Asis Greg Lestrade
    • 64bit ELF
    • integer overflow
    • format string
  • 2017 hack.lu - bit
    • x86_64 ELF
    • mprotect
    • call table
  • 2017 hack.lu - exam
    • x86_64 ELF
    • House of Einherjar
  • 2017 hack.lu - HeapHeaven
    • x86_64 ELF
    • leak using FD in heap
    • overwrite malloc hook