Hammer of Thor

2015 SANS Holiday Hack Part 1

Dec 25, 2015 • Leander

Description: The first part of the holiday hack required you to log into the Holiday Hack Quest Site.

login

After logging into the game server find Josh Dosis and download the packet capture. Based on your analysis you should be able to see which commands are sent across the Gnome command-and-control channel and extract an image. For this challenge I used wireshark to analyze the traffic and a scapy python script to extract the information I needed from the packet capture. read more

Toddler's Bottle [fd]

Dec 12, 2015 • Leander

Description: [fd] is a 1 point challenge hosted on the online wargame site pwnable.kr. The challenge involves understanding file descriptors and a little bit of C code. A login is required to be able to access the challenges because the site keeps score between competitiors that are registered and undergoing challenges. read more

Vortex Level 2

Oct 22, 2015 • Natri

This is a solution guide to the Vortex Level 02 at overthewire. This write-up was created on 21 October 2015.

read more

Vortex Level 1

Oct 21, 2015 • Natri

This is a solution guide to the Vortex Level 01 at overthewire. This write-up was created on 21 October 2015. read more

Narnia Level 3

Oct 12, 2015 • Leander

This is a solution guide to the Narnia3 Level at overthewire. This write-up was created on 12 October 2015.

Challenge Description: Narnia3 requires the attacker to take advantage of a strcpy() vulnerability which does not have any bounds checking. Since the strcpy() is executed blindly it creates a situation where the user can overwrite the buffer affecting all the variables in main. read more

Narnia Level 2

Oct 10, 2015 • Leander

This is a solution guide to the Narnia2 Level at overthewire This write-up was originally created on 28 February 2015.

Challenge Description: Narnia2 is another buffer overflow vulnerable program. This challenge builds on Narnia0 and Narnia1 where an attacker must determine the proper buffer overflow offset and place shellcode in a location that is known. This allows an attacker to execute arbitrary code. read more

Narnia Level 1

Oct 2, 2015 • Leander

This is a solution guide to the Narnia1 Level at overthewire This write-up was first created on 27 February 2015.

Challenge Description: Narnia1 requires the attacker to take advantage of an environment variable called EGG. Essentially, this program will search for this specific enironment variable and then attempt to execute whatever the variable holds. The goal here is to place executable shellcode inside an environment variable. read more