Writeups

Recently, I started training myself on hackropole, the ANSSI platform that has all the challenges from the past FCSC competitions. So I thought I’d make some writeups for some challenges, here is the writeup for May the Fifth. TLDR lack of boundary check in zForth allow arbitrary read and write use the lack of bounds check to leak PIE address use the PIE address to read got address and gain libc leak overwrite strlen got by system for RCE May the Fifth was a 2 Star challenge from FCSC 2023. A docker-compose.yml is provided so we can test the final exploit on remote. We also had the binary as well as an archive. ...

This year, I solved my first challenge from a big CTF. The challenge was fpon and involved manipulating FSOP for RCE. For this challenge a Dockerfile and the binary were provided. I first extracted the ld and libc from the Docker and used pwninit to have a fpon_patched running with the correct ld and libc, as exploits can work differently if not using the correct version. Now that we are all setup we can look at the challenge. ...