Writeup

  • Published on
    Recently, I start to maintain a repo related to 'web-pwn' in the github, which refer to the exploitation of memory-related vulnerabilities within essential web components like browsers, JavaScript runtimes, PHP runtimes, and others.
  • Published on
    This writeup contains an interesting mXSS challenge, named awesome-note-2, from the hack.lu this year.
  • Published on
    This weekend I participated in the SEETF 2023 event. The challenges are in good quality (two needs brute force). And I managed to solve a heap binary compiled with gilibc version 2.35 by abusing the exit handler since malloc_hook and free_hook are removed after 2.34.
  • Published on
    Over the weekend, I made headway with several pwn challenges in Just CTF. One particularly instructive challenge required us to exploit the sqlite3 database using the command-line interface. Confronting and pwning a complex, large binary has always been a struggle for me. To learn from these challenges, I compiled several solutions, specifically focusing on identifying the ideal starting points for such tasks.
  • Published on
    I also participated in the p4 ctf last weekend. I managed to solve two AI-related challenges, reminding me of the materials that I was doing during my undergraduate studies. There is also an interesting blind pwn challenge about fmt and uninitialized read vulnerability.
  • Published on
    At meloCon 2023, I attempted to solve two pwn challenges. The NoRegVM chall has multiple vulnerabilities but turned out that only the fmt vulnerability is exploitable. I utilized the double-staged fmt exploitation again which I just learned from the last week.
  • Published on
    The money-printer-2 challenge is a really interesting format string challenge. It shows a cool fmt exploit technique that leverages chained pointer and brute forcing which I haven't seen before.
  • Published on
    This is the writeup for the umd ctf 2023 which was held by the University of Maryland. They provided a lot of interesting challenges in the Pokemon theme which I really enjoy :>.
  • Published on
    I was delighted to play in the WestLake CTF this year alongside my younger schoolmates and to see their high level of skill despite being only sophomores. Kudos to the younger generation, their future is certainly promising!
  • Published on
    Another writeup for the ReadWorld 2023 CTF. Here are the baby-level and normal-level challenges, but they are actually not easy at all.
  • Published on
    idek2022 has provided several challenges with good quality. The `sprintf` challenge is a 'wired' format string challenge in which I have summarized 3 different impressive approaches. Check them out!
  • Published on
    This is the writeup for the snykCTF 2022 which provided so many interesting web challenges. I take it as an opportunity to learn more about various web security topics which is why I spend time going through all the challenges again. I hope you find this writeup informative and enjoyable!
  • Published on
    Another writeup for the really interesting CTF game I played last weekend! Luckily to find a prototype pollution challenge in the game.
  • Published on
    This blog is the writeup of the two pwn challenges, warmup1 and warmup2, which are provided in the recent Maple CTF 2022. Though they are just warmup, I think they are really interesting and kind of complex in terms of the second one, which are worth evaluation and summary.
  • Published on
    本次比赛的题目质量非常高,但是比较遗憾的是只有一天时间而且在周中,所以在比赛中没有做出来很多题目。幸运的是,比赛结束后环境还会保存一段时间,所以我索性把所有PWN的题目都研究学习一番,希望可以查缺补漏、有所收获。
  • Published on
    本次比赛以Th3ee参赛,最终在1092支参赛队伍取得92名的成绩。比赛的题目整体水平比较偏简单(Crypto, Forensic, Misc)。由于比赛没有PWN的题目,所以我本次比赛主要负责Forensics及其他类型的题目。值得一提的是,我们Th3ee的队标新鲜出炉,快点进来看看吧!
  • Published on
    本文为Arab Security Cyber Wargames 2022比赛的WriteUp。作为阿拉伯国家的CTF比赛,发现中东地区的网络安全氛围也是非常好,交流中可以学习到很多。最终我们在737支参赛队伍排名第67位。 Sometimes you win, sometimes you learn.
  • Published on
    简介: 本文为UACTF 2022比赛的WriteUp。本次还是与NING0121、meishijia一起组队参赛,最终在447支参赛队伍中排名21位。打怪升级中,再接再厉~
  • Published on
    简介: 本文是Deloitte Hacky Holiday比赛的WriteUp,主办方的题目非常有质量而且梯度拉开非常友好。我们最终在2334支参赛队伍中取得了75名的成绩,再接再厉!