CTF
final pokemon player
Vulnerability: toc-tou race condition -> out-of-bound write; arbitrary function pointer -> stack buffer overflow using gets()
pwn - oop
Vulnerability: use after free - dangling pointer -> tcache poisoning
pwn - Runic
Pandora is close to finally arriving at the Pharaoh’s tomb and finding the ancient relic, but she faces a tremendously...
Vulnerability: incorrect string handling - strcpy() on raw read() buffer containing null byte -> heap buffer overflow
pwn - Identity
I added a protection layer in front of my database, it's safe now… right? Right??
Vulnerability: off-by-one out-of-bound write -> .bss buffer overflow
pwn - Story Contest
It’s time for you to tell your best story, and maybe you’ll be rewarded accordingly. Good luck !
Vulnerability: toc-tou race condition -> stack buffer overflow - improper length check in read()
pwn - 1149 - Repeat Service
Repeat Service is a convenient service that allows you to enter a string and output it over and over again....
Vulnerability: stack buffer overflow - improper dest check in memcpy()
pwn - 621 - Sea of Stack
Throw the flag at sea. It's so deep that no one can find it.
Vulnerability: stack buffer overflow - improper length check in read()
pwn - 721 - Santa claus is coming to town
산타 할아버지는 알고계신대. 누가 착한 앤지 나쁜 앤지 ...??? 어떻게??? 취약점을 찾아 셀을 획득한 후 flag 파일을 읽으세요. 플래그 형식은 DH{…} 입니다.
Vulnerability: arbitrary size allocation; out-of-bound write - improper index check
pwn
Vulnerability: heap buffer overflow - improper length check in read()
node user
Vulnerability: heap buffer overflow - improper buffer check in read()
PWN3
Vulnerability: stack buffer overflow - improper length check in read()
PWN2
Vulnerability: use after free - dangling pointer
PWN1
Vulnerability: stack buffer overflow - improper length check in fget() / heap buffer overflow - improper length check in memcpy()
pwn - Safe Device (Draft)
I develop a secure driver with a secure recompiled kernel 😈 but I don't share all my secrets to make...
pwn - Crash
I have received a crash report from my server service and I lost my access to the server. The initial...
Vulnerability: format string bug; stack buffer overflow
pwn - Paf Traversal
Your mission is to audit a high-performance hash-cracking platform. It achieves its speed by combining a Go-based API server with...
Vulnerability: path traversal
pwn - Calc
Welcome to Calculator Pro Max - where mathematics meets management!
Vulnerability: double free - dangling pointer
pwn - HeapNote Revenge
I wrote another heap note app and I think it's safe this time. Can you prove me wrong and get...
Vulnerability: integer vulnerability - signed and unsigned conversion -> stack buffer overflow - improper length check
pwn - Anyone Think
Pwn to find the password
Vulnerability: format string bug
pwn - Master's Request
Sanryu's Masters need help from you guys to read the flag.txt in the same dir, please come !!!
Vulnerability: rwx permission
pwn - Contractor
Sir Alaric calls upon the bravest adventurers to join him in assembling the mightiest army in all of Eldoria. Together,...
Vulnerability: stack buffer overflow - improper length check in read()
pwn - Strategist
To move forward, Sir Alaric requests each member of his team to present their most effective planning strategy. The individual...
Vulnerability: incorrect string handling - strlen() overcount -> heap buffer overflow
pwn - Crossbow
Sir Alaric's legendary shot can pierce through any enemy! Join his training and hone your aim to match his unparalleled...
Vulnerability: out-of-bound write -> stack pivot
pwn - Laconic
Sir Alaric's struggles have plunged him into a deep and overwhelming sadness, leaving him unwilling to speak to anyone. Can...
Vulnerability: stack buffer overflow - improper length check in read()
pwn - Hanoi Convention
Can you answer all these questions?
Vulnerability: stack buffer overflow - improper length check in read(), strcpy(); format string bug
pwn - sudokuS
Play the sudoku and get flag. Flag path at /flag.
Vulnerability: rwx permission
pwn - Heap NoteS
Vulnerability: heap buffer overflow - improper length check in gets()
pwn - RacehorseS
My daughter Haru Urara is learning C. She wrote a little program to talk to another horse. Can you check...
Vulnerability: format string bug
pwn - write-flag-where (Draft)
This challenge is not a classical pwn . In order to solve it will take skills of your own . An excellent...
pwn - write-flag-where2 (Draft)
Was that too easy? Let's make it tough . It's the challenge from before, but I've removed all the fluff
pwn - write-flag-where3 (Draft)
Your skills are considerable, I'm sure you'll agree . But this final level's toughness fills me with glee . No writes to...
pwn - lotto
Vulnerability: stack buffer overflow - improper length check in memcpy()
pwn - ROP
Vulnerability: stack buffer overflow - improper length check in read()
pwn - BugBounty
Dear hecker, We are The Inquisition, and we are excited to announce ourupcoming program, "Note" - a program for Space Marines...
Vulnerability: use after free - dangling pointer
pwn - RUN NOW
Run run run!!!
Vulnerability: stack buffer overflow - improper length check in strcpy()
pwn - ropfu
What's ROP?
Vulnerability: stack buffer overflow - improper length check in get()
pwn - buffer overflow 23
Control the return address and arguments | Do you think you can bypass the protection and get the flag?
Vulnerability: stack buffer overflow
pwn - babygame02
Break the game and get the flag.
Vulnerability: stack buffer overflow
pwn - Horsetrack
I'm starting to write a game about horse racing, would you mind testing it out? Maybe you can find some...
Vulnerability: use after free - dangling pointer
pwn - tic-tac
Someone created a program to read text files; we think the program reads files with root privileges but apparently it...
Vulnerability: toc-tou race condition
pwn - high frequency troubles
Vulnerability: house of orange + heap buffer overflow - improper length check in gets()
pwn - babygame03
Break the game and get the flag.Welcome to BabyGame 03! Navigate around the map and see what you can find!...
pwn - format string 0123
Can you use your knowledge of format strings to make the customers happy? | Patrick and Sponge Bob were really...
pwn - heap 0123
Are overflows just a stack concern? | Can you control your overflow? | Can you handle function pointers? | This...
pwn - Echo Valley
The echo valley is a simple function that echoes back whatever you say to it.But how do you make it...
pwn - Handoff
Vulnerability: stack buffer overflow
pwn - hash only 12
Here is a binary that has enough privilege to read the content of the flag file but will only let...
pwn - PIE TIME 12
Can you try to get the flag? Beware we have PIE! | Can you try to get the flag? I'm...
Vulnerability: format string bug