IT Security

Writeup for Pwnable.tw #6

Introduction During christmas, I had some spare time, decided to give pwnable.tw another try and began solving challenge #6: You can connect to a service using nc chall.pwnable.tw 10101 The service binary dubblesort and its libc are available for download Your goal is to send malicious input and spawn a shell So, let’s connect to […]

Writeup for Pwnable.tw #4

Introduction Last reversing CTF was so much fun, I started directly with the next challenge. For me, it was a very hard one and it took me several weeks (although I recognized, after reading other peoples solutions my approach was far too complex ;). Nevertheless, it is still interesting and I want to describe the […]

Writeup for Pwnable.tw #3

Introduction On our last hackathon, Malfunction, Scotch and me tried to beat several CTFs. This article sums up the results of challenge #3 on pwnable.tw. The basic settings are: A calculator service runs on chall.pwnable.tw, port 10100. The corresponding calc binary can be downloaded for analysis. Send malicious input to the calculator to spawn a […]

LoadLibrary and the PE Loader

I recently stumbled upon an interesting behaviour of the PE loader. Before releasing a new Hyperion version, I usually test it with several executables on different Windows platforms. In my old XP VM, everything went fine. Therefore, I started a Windows 7 instance and encrypted calc.exe with the following command: The options k and s […]

Scroll to top