tl;dr

• Execute shellcode on parent and write to child’s memory using /proc/<pid of child>/mem
• Overwrite return address of child with execve shellcode and pop shell.

tl;dr

• Challenge involves Reversing, Web, and Crypto
• Reverse the binary to get the endpoints
• Trigger the XSS bug in the website and get admin cookie
• Use Hash Length extension attack to get authenticated as admin and get the flag

tl;dr

• Challenge is a Nintendo GameBoy ROM image.
• Reverse the ROM and figure out the implementation
• Analyze the calling function’s checks to find the path along which we must move.

tl;dr

• Extract higher bits of secret using input manipulation
• Extract lower bits of secret using the highers bits and input manipulation

A brief write-up detailing solutions of Reversing Challenges from InCTF Internationals 2020

A brief write-up of the intended solution of P1ayground challenge from InCTF Internationals 2020

tl;dr

• Challenge is based on function hooking at runtime.
• On reversing you will find 4 functions at the same address but executing different code(basically hooked at runtime).
• Jump inside each function, reverse the algorithms to pass the checks.
• Ignore the FAKE flag check.

tl;dr

• Passing corrupted ciphertext to get the symmetric key leak
• Fastbin link corruption
• Exploiting double free and UAF in the heap

tl;dr

• Use format String to get into secret service.
• Get libc leaks by overwriting mapped bit of a free chunk.
• Overwrite the Thread Local Block , thus overwriting canary to get buffer overflow.

tl;dr

• Extract keylogger script from the memory dump.
• Extract the master key from the packet capture.
• Reverse the script to get the flag.

tl;dr

• Extract key from the admin by STARTTLS downgrade on the message
• Deserialize using references to get next phase
• Deserialization to RCE to get flag