Correction 1: For zapps-1, it's a hardlink, not a symlink. Thanks @zhuyifei1999!
@perschrijver8884 1 year ago
Congrats on 100 videos! Thanks for another great one :D
@kampet3438 1 year ago
I really enjoyed "zapping setuid1" as well! Truly a nice challenge :)
@MelarDev 1 year ago
underrated YT channel, keep it up!
@ttrss 1 year ago
really interesting approach to the vm challenge
@ap425q 1 year ago
Hey could you solve vmwhere2 with the same approach as vm1 it should work right 🤔?
@davemonaco1 1 year ago
No, the approach will probably not work for vmwhere2. The reason is that the check in vmwhere2 always processes the whole flag and gathers comparisons in a mask. Basically, loop over the input and do mask |= input[i]^encrypted[i]; if mask is 0 the input is fine. But the number of executed instructions will not vary drastically.
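To make the distinction in the comment above concrete, here is an added example (written for this thread, not code from the video or from either challenge). It puts an early-exit comparison next to the mask-accumulate comparison and counts loop iterations as a stand-in for the VM's executed-instruction count. The early-exit version's count reveals how many leading bytes were correct; the mask version always walks the whole string, so its count depends only on the length. `EXPECTED`, `early_exit_check` and `mask_check` are hypothetical names, and the expected value is a constructed sample, not a real flag.

```python
"""Added example: why a mask-accumulate check does not leak through
instruction counts the way an early-exit check does.

The iteration counter is a proxy for "executed instructions" in a VM that
runs this comparison loop.  Nothing here is taken from the challenge binaries.
"""

EXPECTED = b"flag{sample}"  # constructed sample, 12 bytes


def early_exit_check(candidate: bytes) -> tuple[bool, int]:
    """Return (matches, iterations).

    Stops at the first mismatch, so the iteration count equals
    (index of first wrong byte + 1): a per-byte oracle.
    """
    iterations = 0
    for a, b in zip(candidate, EXPECTED):
        iterations += 1
        if a != b:
            return False, iterations
    return len(candidate) == len(EXPECTED), iterations


def mask_check(candidate: bytes) -> tuple[bool, int]:
    """Return (matches, iterations).

    Mirrors the comment's description: mask |= input[i] ^ expected[i] over the
    whole input, then accept only if mask == 0.  The iteration count is the
    same for every candidate of the right length, so the count of executed
    instructions carries no information about which bytes were correct.
    """
    if len(candidate) != len(EXPECTED):
        return False, 0
    mask = 0
    iterations = 0
    for a, b in zip(candidate, EXPECTED):
        iterations += 1
        mask |= a ^ b  # accumulate every difference, never branch on it
    return mask == 0, iterations


def iteration_profile(check, candidates):
    """Iteration counts a given check produces for a list of candidates."""
    return [check(c)[1] for c in candidates]


if __name__ == "__main__":
    samples = [b"x" * 12, b"flag" + b"x" * 8, b"flag{sample}"]
    print("early-exit:", iteration_profile(early_exit_check, samples))
    print("mask      :", iteration_profile(mask_check, samples))
```

The first profile climbs as more leading bytes match, while the second is flat. Outside a CTF the same idea is what `hmac.compare_digest` provides for comparing secrets, and it is the reason to prefer it over `==` on secret material.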
@SloppyJoePirates 1 year ago
(What @davemonaco1 said)
@daniel01045 1 year ago
Hmm, my comment got deleted, but basically you can massively improve the efficiency of the bruteforce on vmwhere one by just using send instead of sendline and bruting byte by byte. If it hangs then you got the right character; if it terminates, then obviously you got the wrong char. I managed to get the flag this way in about 10 seconds.
@SloppyJoePirates 1 year ago
Oh interesting, thanks!
@davemonaco1 1 year ago
Nice writeups, as always. For Zapping Setuid1: I found that most of the options can be removed. The minimal set is to specify the entry and output: "gcc shell.c -o ld-linux-x86-64.so.2 -e main" worked all fine for me.
@SloppyJoePirates 1 year ago
Hey @davemonaco1! Oh nice, way simpler! Strange, I wonder why I was having issues with stack canaries? Maybe I had multiple things wrong and I just thought it was stack canaries.