Full Disclosure mailing list archives
Hack.LU 2013 CTF Wannabe challenge writeup
From: Arne Swinnen <contact () arneswinnen net>
Date: Sat, 2 Nov 2013 18:18:02 +0100
Hi all, I made an extensive writeup of one of the harder challenges of the Hack.lu CTF, held one week ago. It involves two major phases: one web exploitation phase (SQL Injection, Preg_replace code exec, PHP loose typing) and one buffer overflow exploitation phase (Linux x64 - Return Oriented Programming approach) of a custom binary. You can find the full writeup here: http://www.arneswinnen.net/2013/11/hack-lu-2013-ctf-wannabe-writeup-part-one-web-exploitation/ http://www.arneswinnen.net/2013/11/hack-lu-2013-ctf-wannabe-writeup-part-two-buffer-overflow-exploitation/ Cheers, Arne
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Hack.LU 2013 CTF Wannabe challenge writeup Arne Swinnen (Nov 03)