Published onApril 29, 2024AOFCTF '24 - Misc - Ba-Sing-Semiscaofctfpyjaileval-in-evalUsing eval inside an eval to build a python code using chr function
Published onApril 29, 2024AOFCTF '24 - Misc - Shushmiscaofctfbash-jailUsing $0 to spawn a shell, then using od to convert output to decimal, then parsing the output.
Published onApril 29, 2024AOFCTF '24 - Pwn - Panelpwnaofctfpointer-overwritedereference-leakret2libcOverflowing a buffer in a pointer which overwrites the pointer, giving us an arbitrary read, then utilizing pointer dereferencing to leak libc value from GOT and performing a simple ret2libc.
Published onApril 29, 2024AOFCTF '24 - Pwn - Popeyepwnaofctfarmret2libcGiven a libc leak, perform a ret2libc on ARM64.
Published onApril 29, 2024AOFCTF '24 - Pwn - BabysbxpwnaofctfseccompshellcodesandboxBypassing Seccomp rules and instructions check to read the flag file. No mov, no syscall/int 0x80, sysenter allowed.