kylebot's Blog

Man's Search for Pwning

0%

Introduction

Last week, I played DEFCON quals with my team Shellphish. We managed to get to 10th place worldwide and qualified for DEFCON Final this year. Good job everyone! More importantly, this is the 16th year that Shellphish gets qualified for DEFCON Final consecutively in a row. What can I say? It’s just amazing.
During the CTF, I contributed to the solution of baby-a-fallen-lap-ray(or, parallel-af-yan). After we solved it, I started looking at mooosl, which is a heap challenge with musl[1] libc. When I started to look at the challenge seriously, there were only 6 hours left. At the end of the CTF, I almost got everything, just needed some time to finish it off.
In fact, after the CTF, it only took me 2.5 more hours to finally get the flag. So sad.
So, in this blog, I’m going to talk about how to solve the challenge and help myself remember how musl‘s mallocng allocator works.

Read more »

Introduction

Despite I’ve been insanely busy recently, I still decided to play WCTF for bit and managed to solve one challenge called machbooks.
As the name suggests, it is a Mach-O challenge. Mach-O is the binary format on macOS(like ELF on Linux). Mach-O challenges are rare in CTF community. So, it intereted me the moment I saw the challenge name (In fact, I didn’t plan to play the CTF at all, lol).
Because of the rarity of Mach-O challenges, some CTF-ready tools do not work on the binary format and not many people know how to deal with Mach-O binaries at all. Those may be the reasons why there was only one solve during the game.
Luckily, I was exposed to Mach-O by a challenge called applepie during 0CTF-2019. And that experience gave me an edge to finish the only solve to the challenge during the game.

Read more »

Introduction

I played 0CTF as a member of Shellphish last weekend. The CTF was pretty awesome and gave me a lot of excitement. I learned about v8 hacking by solving the Chromium RCE challenge and about PHP internals by wasting my time on Baby Bypass. Overall, I’m pretty satisfied with the experience in the CTF.
The only imperfection is that I didn’t manage to pull off One Line JS in time before the game ended. In fact, I solved it in 3 hours after the game ended.
One Line JS is a very interesting challenge about pwning a small real-world javascript engine. Although it is “small”, it still consists of more than 10 thousand lines of code, which is daunting for a 48h CTF. And I guess that’s the reason it only got 1 solve during the game.

Read more »

2020-07-01

Created my blog. Not perfect, but it is mine.