Pwn

In this weekend, I solved a interesting memory corruption vulnerability in WebAssembly binary.

Recently, I start to maintain a repo related to 'web-pwn' in the github, which refer to the exploitation of memory-related vulnerabilities within essential web components like browsers, JavaScript runtimes, PHP runtimes, and others.

This weekend I participated in the SEETF 2023 event. The challenges are in good quality (two needs brute force). And I managed to solve a heap binary compiled with gilibc version 2.35 by abusing the exit handler since malloc_hook and free_hook are removed after 2.34.

Over the weekend, I made headway with several pwn challenges in Just CTF. One particularly instructive challenge required us to exploit the sqlite3 database using the command-line interface. Confronting and pwning a complex, large binary has always been a struggle for me. To learn from these challenges, I compiled several solutions, specifically focusing on identifying the ideal starting points for such tasks.

I also participated in the p4 ctf last weekend. I managed to solve two AI-related challenges, reminding me of the materials that I was doing during my undergraduate studies. There is also an interesting blind pwn challenge about fmt and uninitialized read vulnerability.

The money-printer-2 challenge is a really interesting format string challenge. It shows a cool fmt exploit technique that leverages chained pointer and brute forcing which I haven't seen before.

Here is my write-up for the dynamic-allocator-misuse(heap) module of the `pwn.college`. Due to the disclosure agreement, I won't post the full exploit but the PoC code to show the idea of the solutions. Glad to see they are adding more challenging levels at the end. Have fun.

I was delighted to play in the WestLake CTF this year alongside my younger schoolmates and to see their high level of skill despite being only sophomores. Kudos to the younger generation, their future is certainly promising!

Another writeup for the ReadWorld 2023 CTF. Here are the baby-level and normal-level challenges, but they are actually not easy at all.

idek2022 has provided several challenges with good quality. The `sprintf` challenge is a 'wired' format string challenge in which I have summarized 3 different impressive approaches. Check them out!

In this blog, I am going to explain the important concepts of Heap and use the `ptmalloc` in the Glibc 2.31 library as an example. The heap is a beautiful mess :)

This blog is the writeup of the two pwn challenges, warmup1 and warmup2, which are provided in the recent Maple CTF 2022. Though they are just warmup, I think they are really interesting and kind of complex in terms of the second one, which are worth evaluation and summary.

本次比赛的题目质量非常高，但是比较遗憾的是只有一天时间而且在周中，所以在比赛中没有做出来很多题目。幸运的是，比赛结束后环境还会保存一段时间，所以我索性把所有PWN的题目都研究学习一番，希望可以查缺补漏、有所收获。