Failures aren’t the stepping stones to success; they’re just stones. You’re the one who decides to step them. - jones
Analysis
This is a simple reversing challenge: we need to find the correct flag. The challenge binary has two conditions: it prints SUCCESS if the correct flag is passed and FAILURE if it's wrong. We can simulate this pretty easily with angr and find the flag.
Decompilation
Looking at the decompilation, we see a string compare statement which shows that the string we’re looking for is 16 characters long.
“Failure is not an option”
Important note
> To dispose of the need for any RE I’ll tell you the following: You must call the callme_one(), callme_two() and callme_three() functions in that order, each with the arguments 0xdeadbeef, 0xcafebabe, 0xd00df00d e.g. callme_one(0xdeadbeef, 0xcafebabe, 0xd00df00d) to print the flag. For the x86_64 binary double up those values, e.g. callme_one(0xdeadbeefdeadbeef, 0xcafebabecafebabe, 0xd00df00dd00df00d)
The challenge files can be found here ~> callme
Challenge description
> In this challenge the elements that allowed you to complete the ret2win challenge are still present, they’ve just been split apart. Find them and recombine them using a short ROP chain.
The binary can be found here ~> split
This challenge is slightly different from the previous challenge: as the description says, all the elements are still present, they’ve just been split apart, so we’ll recombine them now :)
What is return-oriented programming?
Return-oriented programming (ROP) is a computer security exploit technique that allows an attacker to execute code in the presence of security defenses such as executable space protection and code signing.
In this technique, an attacker gains control of the call stack to hijack program control flow and then executes carefully chosen machine instruction sequences that are already present in the machine’s memory, called “gadgets”. Each gadget typically ends in a return instruction and is located in a subroutine within the existing program and/or shared library code.