Hack.lu CTF 2017 Indianer Write Up

Vaughn Valle

Oct 21, 2017 — 1 min read

This is a writeup of the Indianer challenge from Hack.lu 2017

The challenge was tagged Web/Pwn.

Initially, the challenge included a binary and a link to a regular website that had a "super secret" backdoor.

After downloading and unzipping, we noticed the .so file header on the binary, indicating that it was a shared object. This meant it was a small part of a code base that we did not have access to. There was also nothing that could be executed within the file meaning dynamic analysis was not a plausible strategy. Fortunately, after opening the file in Binary Ninja we uncovered a few key points that brought forth some clarity.

The binary was loaded before libc to overwrite the strlen function. Analyzing the control flow of strlen revealed the abnormality and exploit.

Disassembly

Kraken - TUCTF

Unleash the Kraken

hateful

This post is a write-up for the pwn.hateful challenge in Nullcon Goa HackIM 2025 CTF. root@72f9eb9e3ebc:/chal/NULLCON/hateful# ./ld-linux-x86-64.so.2 --library-path . ./hateful My Boss is EVIL!!! I hate my Boss!!! These are things you really want to say to your Boss don't you? well

hateful2

This post is a write-up for the pwn.hateful2 challenge in Nullcon Goa HackIM 2025 CTF. root@72f9eb9e3ebc:/chal/NULLCON/hateful2# ./ld-linux-x86-64.so.2 --library-path . ./hateful2 _______ _________ _______ _______ _ _______ |\ /|( ___ )\__ __/( ____ \( ____ \|\ /|( \ / ___ ) | ) ( || ( ) | ) ( | ( \/| ( \/| ) ( || ( \/ ) | | (___) || (___) | | | | (__ | (__ | | | || | / ) | ___ || ___ | | |

A lone flag meanders along it's merry way into the clutches of the merciless CTF player

PowerPlay

By Smallfoot Feb 1, 2025

Disassembly

Read more

Kraken - TUCTF

hateful

hateful2

PowerPlay