This past weekend, I had some time to spare and decided to attempt some of the challenges from the BitSiege CTF. The CTF had some interesting challenges which I enjoyed solving, and I even managed to get first blood and the only solve for one of the challenges. This blog post is a walkthrough of some of the challenges.
Kiwi Khaos
This was a relatively simple web challenge, where I got first blood and ended up being the sole solver.
CasaOS is one of the go-to tools for home server setups among tech and cloud enthusiasts. It simplifies the complexities of server management, allowing users to set up and manage their own servers through a straightforward, user-friendly interface without the steep learning curve usually associated with traditional server setups. In this blog post, we will explore some of the features in CasaOS and how an attacker could abuse them to compromise the underlying host.
Recently I took part in the Africa Bug Pwn 2024 Capture the Flag Competition and managed to get second position with 2310 points. The CTF was very interesting and I got to learn a thing or two. This blog post will be a writeup of some of the challenges I managed to solve.
This blog post is a walkthrough of the UrchinSec Tanzania National CTF challenges. The UrchinSec Tanzania National CTF was an interesting CTF organized by the UrchinSec team. From the CTF, I managed to solve several challenges, one of which was a 500-point reverse engineering challenge.
Binary Information
Checking the file type of the binary, we can confirm that the file is a 64-bit executable which is dynamically linked, and the libc file is provided. We can also see that the binary has No Canary and No PIE.

    ./argv: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=1ec247dc11817e2e52f5e75b63701f24d11a936c, for GNU/Linux 3.2.0, not stripped

From the checksec results:
Full RELRO is enabled, meaning we can't overwrite GOT entries, since the sections holding them are marked readable and not writable.
This blog post is a walk-through of the Orb Pwn Challenge from the Global Cyber Games: New Year Mayhem 2024 CTF. This pwn challenge was a medium-level challenge and an interesting one to solve.
Over the recent weekend, I found some free time that enabled me to participate in the ShmooCon CTF. While it did not have pwn challenges as I had hoped, it offered a variety of challenges I enjoyed solving. This blog post is a walkthrough of some of the challenges I managed to solve.
Cloud Statically Charged
For this challenge, we are provided with a URL, and upon visiting the link, we get a slideshow of some AI-generated images.