Ret2win

All Posts

ctf (30)
writeup (22)
pwn (21)
web (13)
aupctf (11)
aofctf (9)
nedctf (7)
amateurctf (6)
amateurctf23 (6)
rev (5)
htb (4)
cyber-apocalypse (4)
buffer-overflow (4)
x64 (4)
fsb (3)
printf (3)
heap (3)
elf (3)
brute-force (3)
stegnography (3)
pcc (3)
format-string (2)
dev-notes (2)
memfd_create (2)
fexecve (2)
canary (2)
lfi (2)
flask (2)
misc (2)
ret2libc (2)
forensics (2)
magic-bytes-fixing (2)
bit-shifting (2)
sqli (2)
login-bypass (2)
ret2win (2)
jwt (2)
pucon (2)
userspace (2)
0 (1)
ctf-techs (1)
guides (1)
docker (1)
deployment (1)
windows-api (1)
c (1)
screenshot (1)
bmp (1)
pwnabletw (1)
tcache (1)
tcache-dup (1)
double-free (1)
unsorted-bin-attack (1)
fake-chunk (1)
free-hook-overwrite (1)
elfcrafting-v1 (1)
elfcrafting-v2 (1)
shellcode (1)
asm (1)
rntk (1)
random-number (1)
latex (1)
pdftex (1)
integer-overflow (1)
pyjail (1)
eval-in-eval (1)
bash-jail (1)
blind (1)
pointer-overwrite (1)
dereference-leak (1)
arm (1)
seccomp (1)
mov (1)
sandbox (1)
syscall (1)
thread-stack-overflow (1)
tls (1)
pthread (1)
master-canary-overwrite (1)
srop (1)
read (1)
off-by-one (1)
kingsman (1)
john-the-ripper (1)
hashcat (1)
custom-wordlist (1)
arcane (1)
jinx (1)
deep (1)
deep-sound (1)
audio-forensics (1)
iron-man (1)
obfuscated (1)
csrf (1)
directory-searching (1)
django (1)
http-headers (1)
source-code-analysis (1)
archiveorg (1)
snapshot (1)
wayback-machine (1)
blackhat (1)
blackhatmea (1)
blackhatmea23 (1)
interger-overflow (1)
leak (1)
aslr-bypass (1)
oob-write (1)
return-address-overwrite (1)
fsb-to-rop (1)
word-macro (1)
js (1)
hta (1)
powershell (1)
unsorted-bin (1)
self-decryption (1)
angr (1)
pie (1)
leaks (1)
offset (1)
variable-overwrite (1)
auth-bypass (1)
ssrf (1)
file-inclusion (1)
weak (1)
weak-signing-key (1)
shift (1)
reversing (1)
windows (1)
kernel (1)
driver (1)
sbox (1)
intio (1)
python (1)
pyarmor (1)
gdb (1)
uaf (1)
chunk-reuse (1)
pie-bypass (1)
printf-leak (1)

Published on
February 17, 2024
PUCon' 24 - Userspace - Palate
pucon userspace ctf pwn pie-bypass printf-leak ret2win
Utilizing Format String Vulnerability to leak the address of PIE and then a simple Ret2Win with args.
Published on
July 3, 2023
NED CTF'23 - Pwn - Return
ctf pwn nedctf writeup buffer-overflow x64 ret2win
A simple x64 ret2win challenge.

Ret2win

ret2win (2)

PUCon' 24 - Userspace - Palate

NED CTF'23 - Pwn - Return