uaf.io

Just like babyqemu and SCSI I did not play this ctf and probably wouldn’t have been able to complete this challenge in time even if I did. Me and a couple teammates did these as exercise and I wanted to document the methods and analysis.

Just like babyqemu and q-escape I did not play this ctf and probably wouldn’t have been able to complete this challenge in time even if I did. Me and a couple teammates did these as exercise and I wanted to document the methods and analysis.

Before we start I just want to say that I did not play this ctf and probably wouldn’t have been able to complete this challenge in time even if I did. Me and a couple teammates did this, SCSI and q-escape as exercise and I wanted to document the methods and analysis.

Points: Legendary Solves: 0 Category: Exploitation Description: Blizzard CTF 2017: Sombra True Random Number Generator (STRNG) Sombra True Random Number Generator (STRNG) is a QEMU-based challenge developed for Blizzard CTF 2017. The challenge was to achieve a VM escape from a QEMU-based VM and capture the flag located at /root/flag on the host. The image used and distributed with the challenge was the Ubuntu Server 14.04 LTS Cloud Image. The host used the same image as the guest. The guest was reset every 10 minutes and was started with the following command: ./qemu-system-x86_64 -m 1G -device strng -hda my-disk.img -hdb my-seed.img -nographic -L pc-bios/ -enable-kvm -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::5555-:22 Access to the guest was provided by redirecting incoming connections to the host on port 5555 to the guest on port 22.

Points: 150 Solves: 27 Category: Exploitation Description:

Points: 267 Solves: 9 Category: Exploitation Description:

Points: 500 Solves: 21 Category: Exploitation Description: Do you know Huang Xudong? Let me show you his power.

Points: ~275 Solves: ~30 Category: Exploitation Description: Let’s practice some basic heap techniques in 2017 together!

Summary

Introduction