seccon 2018 - q-escape

Just like babyqemu and SCSI I did not play this ctf and probably wouldn’t have been able to complete this challenge in time even if I did. Me and a couple teammates did these as exercise and I wanted to document the methods and analysis.

RealworldCTF 2018 - SCSI

Just like babyqemu and q-escape I did not play this ctf and probably wouldn’t have been able to complete this challenge in time even if I did. Me and a couple teammates did these as exercise and I wanted to document the methods and analysis.

Hitb 2017 - Babyqemu

Before we start I just want to say that I did not play this ctf and probably wouldn’t have been able to complete this challenge in time even if I did. Me and a couple teammates did this, SCSI and q-escape as exercise and I wanted to document the methods and analysis.

BlizzardCTF 2017 - Strng

Points: Legendary Solves: 0 Category: Exploitation Description: Blizzard CTF 2017: Sombra True Random Number Generator (STRNG) Sombra True Random Number Generator (STRNG) is a QEMU-based challenge developed for Blizzard CTF 2017. The challenge was to achieve a VM escape from a QEMU-based VM and capture the flag located at /root/flag on the host. The image used and distributed with the challenge was the Ubuntu Server 14.04 LTS Cloud Image. The host used the same image as the guest. The guest was reset every 10 minutes and was started with the following command: ./qemu-system-x86_64 -m 1G -device strng -hda my-disk.img -hdb my-seed.img -nographic -L pc-bios/ -enable-kvm -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22 Access to the guest was provided by redirecting incoming connections to the host on port 5555 to the guest on port 22.

DefconQuals 2018 - EC3

Points: 150 Solves: 27 Category: Exploitation Description:

TokyoWesterns 2017 - Parrot

Points: 267 Solves: 9 Category: Exploitation Description:

BCTF 2017 - PoisonousMilk

Points: 500 Solves: 21 Category: Exploitation Description: Do you know Huang Xudong? Let me show you his power.

0ctf Quals 2017 - BabyHeap2017

Points: ~275 Solves: ~30 Category: Exploitation Description: Let’s practice some basic heap techniques in 2017 together!

Mental Snapshot - _int_free and unlink

Summary

Kernel Exploitation for Dummies

Introduction