Booj thoughts on security

pwnable.kr - random, coin1 & bof

This post describes three Toddler’s Bottle exploits on pwnable.kr. Random This is a simple binary exploitation challenge. The code for the binary is included once the user has SSH’d in: #include <stdio.h> int main(){ unsigned int random; random = rand(); // random value! unsigned int key=0; scanf("%d", &key); if( (key ^ rando...

HackTheBox - SolidState

This post will describe exploitation of the Solidstate device on HackTheBox. Solidstate’s an interesting box, and also memorable as the day when the HTB platform shit itself from the load. It’s also a lesson in reading the damn exploit code. I spent a long time re-running the exploit expecting stuff to happen, but the true realisation came ...

HackTheBox - Calamity

This writeup is effectively the summation of three days of bashing my head against GDB. It ended up ballooning in size, but I’ve tried to include as much detail as possible, so hopefully someone with only a basic knowledge of buffer overflows should be able to follow along. It’s important to be aware that this is quite a complex buffer overfl...

Stack Buffer Overflows: Linux 2 - Using GDB

In Chapter 2 of my Linux Stack Buffer Overflow series I’ll be walking you through crafting an exploit from scratch in GDB with no external hints of the environment. If you’re new to this type of exploit I’d recommend going through Chapter 1. One issue with crafting an exploit in GDB and then running it outside is that the exploit simply no lo...

BMAT Physics

A couple of years ago I was asked to author solutions for the physics portion of a private BMAT tutoring course. This course never ended up being taught and I’ve recently been informed that the BMAT curriculum has changed. Therefore, I’ve decided to release these for anyone with either a cursory interest in Physics, or anyone looking for past ...