https://ret2.life/From CTF write-ups to everyday life kind of things 2023-09-07T23:15:52+08:00 Duc Phan https://ret2.life/ Jekyll © 2023 Duc Phan /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2021-08-23T11:47:00+08:00 2021-08-23T11:47:00+08:00 https://ret2.life/posts/corCTF-2021/ Duc Phan

12 hours before the CTF ended, my friend hit me up telling me about the firefox pwn challenge in corCTF. I have never done Firefox/Spidermonkey pwn before, so this has been an awesome learning opportunity for me. Because I started the challenge when not much time was left, this write-up may not fully and correctly convey all technical details. Please keep that in mind and hit me up if you find ...

2021-07-20T23:15:00+08:00 2021-08-23T11:49:13+08:00 https://ret2.life/posts/Google-CTF-2021/ Duc Phan

This year, I played Google CTF under team vh++. Although we did not solve this challenge during the CTF, we have finished it afterwards. This write-up explains the process of studying and writing exploit for chromium browser in the challenge Fullchain of Google CTF 2021. Since I have never tried a chrome sandbox escape or partition alloc exploit, this is a fantastic opportunity to learn both. L...

2019-04-09T06:46:23+08:00 2021-07-24T18:11:18+08:00 https://ret2.life/posts/AceBear-CTF-19/ Duc Phan

I had a lot of fun and a hard time during this CTF, but the challenges are really awesome. I spent the whole time solving one challenge: Incident Response (Misc 1000). In my opinion, this challenge closely resembles a real-life scenario and I’m glad that I’ve learned a lot out of it. So here goes the write up for it! Memory forensics - Identifying the malicious program In this challenge, we’r...

2019-01-21T08:21:38+08:00 2019-01-21T08:21:38+08:00 https://ret2.life/posts/Insomnihack-teaser-CTF-2019/ Duc Phan

This is my exploit for the Onewrite challenge from Insomnihack Teaser CTF 2019. Onewrite - Pwn from __future__ import print_function from pwn import * import os GDBSCRIPT = """ """ HOST = 'onewrite.teaser.insomnihack.ch' PORT = 1337 BIN = './onewrite' PROMPT = "> " STACK = "1" PIE = "2" ADDR = "address : " DATA = "data : " e = ELF(BIN) addrs = { 'poprax': 0x460ac, 'poprdxrsi':...

2019-01-01T14:34:45+08:00 2019-01-01T14:34:45+08:00 https://ret2.life/posts/TetCTF-19/ Duc Phan

This is my write-up for TetCTF 19 Web - IQTest2 (unsolved) Pwn - Easy webserver (unsolved) Pwn - Babysandbox Pwn - Babyheap Pwn - Babyfirst Web IQTest2 After looking at the source code, there is a path that we can polute the $level variable to pass. It has to pass several condition check: if (isset($_COOKIE['saved']) && !empty($_COOKIE['saved']) && isset...