Among the company, proud-spirited as a knight-errant of Qin; on the road, singing like the madman of Chu


  • Mid Station

    [*CTF2021] Favourite Architecture Challenges

    Posted on 2021-01-19

    Last weekend the sixstar team brought a series of RISC-V challenges to their CTF. As the name suggests, I enjoy playing RISC-V challenges very much; three flags could be found at the checkpoints:

    • Favourite Architecture 0: Reverse challenge, 25 solved
    • Favourite Architecture 1: Userspace pwn challenge, read /home/pwn/flag. 24 solved
    • Favourite Architecture 2: QEMU userspace escape pwn challenge, execute /readflag2. 6 solved

    Read more »

    Booklist2020

    Posted on 2020-12-31

    By convention I write down the books I have read on the last day of each year, but everyone knows this has been the year that least respected any convention. Put that way, it seems I have also found an excuse more dignified than "I spent all my time on YouTube". Looking back at the lists from previous years, this year's list is getting shorter and shorter, but it still carries plenty of weight.

    Read more »


    [ByteCTF2020 Quals] - pwndroid

    Posted on 2020-10-27 | Category: Hack

    Good things always happen in November.

    This is a challenge from ByteCTF2020, a simple heap challenge, but one that runs on Android. I learned a lot about WebView and the native interface from it. Four teams solved it during the game; I was lucky enough to get the flag in the last hour.

    Read more »


    VirtualBox Exploitation #3

    Posted on 2020-09-22 | Category: Hack

    A VbEscape (VE) challenge from the QiangWangBei onsite finals; I really did not expect to add another entry to this series more than a year later. Running into a bug I had debugged before in the QiangWangBei RealWorld challenge, I still felt unsure of myself. To work on this challenge I watched the three major desktop virtualization products fight it out on my ThinkPad. Of course it was not only because my main Hyper-V VMs and the VMware image provided by the organizers clashed, so that Windows had to be upgraded on the spot to the new 2004 build before it would run; nor only because, after spending half a day upgrading over the venue's glacial internet, I found that Hyper-V still fought with VMware's nested virtualization, while the 64-bit VirtualBox inside VMware absolutely needed nested virtualization to run. In the end it was because I was simply not good enough: when I had debugged and reproduced the bug before, it was all on a debug build, and I had only followed the exploit step by step without ever fully understanding it. A debt incurred by laziness and half-learned skills always has to be repaid.

    Read more »


    [QWB2020 Quals] - mipsgame

    Posted on 2020-09-04 | Category: Hack

    I believe that, years from now, remembering the summer of 2020 will still bring a knowing smile.
    The late-night snack vouchers that never seemed to run out, the teppanyaki counter on the third floor of Tengyun, the free ice cream with new flavours every week that took the blame for the weight gain,
    taking part in person as a Chinese team won DEFCON CTF for the first time, seeing the wizardry of top players; the extra all-nighters were worth it,
    and on weekends without a contest, going with A-Liang to ChaletPlus next to Yuyuan Garden station for refillable Tequila Sunrise or Sea Breeze.

    This is a challenge from the QiangWangBei Quals this year. QiangWangBei is considered to be one of the top CTF games in China. The challenge is an HTTP server in MIPS64; only two teams solved it during the game (0ops and eee). I found the vulnerability and constructed a PoC during the game, but did not have enough time to build a system-mode emulation environment to finish the exploit. Also, because I was unfamiliar with uClibc, I did not come up with a viable method to hijack the control flow.

    After the game finished, I recalled how to build the QEMU debugging environment with buildroot. I shared this knowledge with my colleague @ruan, and he wrote a detailed writeup (in Chinese) about the building steps. So in this writeup I will focus on the challenge itself. I finished this challenge with some hints from @Himyth. Thanks @Himyth and @ruan!

    Read more »


    The Fountainhead

    Posted on 2020-07-06 | Category: Musings


    Throughout the centuries there were men who took first steps down new roads,
    armed with nothing but their own vision.
    Their goals differed, but they all had this in common:
    that the step was first, the road new, the vision unborrowed.
    —— Ayn Rand

    Read more »

    Matthew Shao


    63 posts
    2 categories
    14 tags
    Github
    © 2021 Matthew Shao
    Powered by Hexo
    Theme - NexT.Logos