Gera's Insecure Programming warming up stack #1 (ROP NX/ASLR Bypass)

I started gera’s exercises on format strings vulnerabilities. I am going to start on the stack next. This post will be my first ROP practice and it was fun :). The main purpose of “warming up the stack” exercises is to just bypass the canary. However, I wanted to make it harder and get a shell out of it.

CSAW CTF: Munchbrunch Writeup


CSAW CTF: Networking 1 Writeup

This challenge provided a pcap file and the question ‘‘What am I searching for?”.  A hint dropped in the irc channel by hockeyinjune helped us to look in the right place.

CSAW CTF: Inchbinge Writeup

#Web 400

CSAW CTF: BluesNews Writeup

For Web Challenge 300, you were presented with a news website, BluesNews.

CSAW CTF Exploitation bin2 Solution

This past weekend, the ISIS lab held CSAW CTF quals. For more information about the event see:

Smashing the Stack on FreeBSD

Here’s a simple program to illustrate a stack smash.

Gera's Insecure Programming Format String #5 (ASLR Bypass)

This post is long overdue. I decided to step it up from FreeBSD to Debian. The last format string challenge from gera is a vanilla format string. You can find this challenge here.