Dec 25, 2015 Leander
Description: The first part of the holiday hack required you to log into the Holiday Hack Quest Site.
After logging into the game server find Josh Dosis and download the packet capture.
Based on your analysis you should be able to see which commands are sent across the Gnome command-and-control channel and extract an image. For this challenge I used wireshark to analyze the traffic and a scapy python script to extract the information I needed from the packet capture.
read more
Dec 12, 2015 Leander
Description: [fd] is a 1 point challenge hosted on the online wargame site pwnable.kr. The challenge involves understanding file descriptors and a little bit of C code. A login is required to be able to access the challenges because the site keeps score between competitiors that are registered and undergoing challenges.
read more
Oct 22, 2015 Natri
This is a solution guide to the Vortex Level 02 at overthewire. This write-up was created on 21 October 2015.
read more
Oct 21, 2015 Natri
This is a solution guide to the Vortex Level 01 at overthewire. This write-up was created on 21 October 2015.
read more
Oct 12, 2015 Leander
This is a solution guide to the Narnia3 Level at overthewire. This write-up was created on 12 October 2015.
Challenge Description: Narnia3 requires the attacker to take advantage of a strcpy() vulnerability which does not have any bounds checking. Since the strcpy() is executed blindly it creates a situation where the user can overwrite the buffer affecting all the variables in main.
read more
Oct 10, 2015 Leander
This is a solution guide to the Narnia2 Level at overthewire This write-up was originally created on 28 February 2015.
Challenge Description: Narnia2 is another buffer overflow vulnerable program. This challenge builds on Narnia0 and Narnia1 where an attacker must determine the proper buffer overflow offset and place shellcode in a location that is known. This allows an attacker to execute arbitrary code.
read more
Oct 2, 2015 Leander
This is a solution guide to the Narnia1 Level at overthewire This write-up was first created on 27 February 2015.
Challenge Description: Narnia1 requires the attacker to take advantage of an environment variable called EGG. Essentially, this program will search for this specific enironment variable and then attempt to execute whatever the variable holds. The goal here is to place executable shellcode inside an environment variable.
read more