Another challenge that I’ve missed during the CTF was the scgmagick challenge rated for 100 points. Solution is very easy, but required some trial and error. Let’s take a look.

Last task from the Rop Emporium challenges and the last post. Today we’re going to explore something called Universal Gadget, that will allow us to use three parameters to functions calls, when we do not have any useful gadgets available to us.

BsidesSF was a great CTF, but as I could not finish many tasks withing the duration of the competition, I decided to come back to the ones with which I struggled the most. Here’s my write up for sequel, which is cool web challenge rated 200 points.

In this challenge from ROP Emporium, our stack space is quite limited and we have to find a way to pivot the payload somewhere else in the binary. Our goal is to call ret2win function, which is located in libpivot.so shared object.

Today we’re going to do another machine from Vulnhub called WebDeveloper: 1. Once again we have to get the flag from /root/flag.txt directory. Easy machine with mostly generic types of exploitation, but still had a lot of fun with it.