Published onApril 29, 2024AOFCTF '24 - Misc - Ba-Sing-Semiscaofctfpyjaileval-in-evalUsing eval inside an eval to build a python code using chr functionRead more →
Published onApril 29, 2024AOFCTF '24 - Misc - Shushmiscaofctfbash-jailblind$0Using $0 to spawn a shell, then using od to convert output to decimal, then parsing the output.Read more →
Published onApril 29, 2024AOFCTF '24 - Pwn - Panelpwnaofctfpointer-overwritedereference-leakret2libcOverflowing a buffer in a pointer which overwrites the pointer, giving us an arbitrary read, then utilizing pointer dereferencing to leak libc value from GOT and performing a simple ret2libc.Read more →
Published onApril 29, 2024AOFCTF '24 - Pwn - Popeyepwnaofctfarmret2libcGiven a libc leak, perform a ret2libc on ARM64.Read more →
Published onApril 29, 2024AOFCTF '24 - Pwn - BabysbxpwnaofctfseccompmovsandboxsyscallBypassing Seccomp rules and instructions check to read the flag file. No mov, no syscall/int 0x80, sysenter allowed.Read more →