今天是来到陌生城市的第66天，隔离起来的第52天，距离原定的复工日期已经18天。
总算等到重回正轨的好消息了。
国外的情况还是很严峻啊，祝福国外的朋友平安顺利。

This time is a challenge from last week’s CTF game organized by XCTF with many Chinese universities. This chanllenge is a linux kernel exploitation designed by SixStar Team. I didn’t finished it during the game, most of the time I spent on searching for objects to refill the size 0x20-0x70, only at very last moment I realize there was a freelist harderned in the kernel. Many teams solved it by unexpected solution because of the deployment mistake, which is unpleasant, but it is still a good challenge.

I learned the solution from Kernoob: kmalloc without SMAP, thanks Kirin! Based on his writeup, I will make some notes about the debugging and details of the bypass.

春节期间学习了v8引擎exploit相关的知识，挑了几道经典题目练手：

• PlaidCTF2018：roll a d8
• *CTF2019：OOB
• GoogleCTF2018: Just-in-time

各路大神的writeup已经足够详细了，这里只记录一下解决v8题目比较关键的知识点。

本来以为去年的春节已经足够不堪了，怎料今年更是难上加难。
第一次在外地过年就遇上疫情爆发的事情，本来计划家人来过年也只能取消了。不过不能出门正好也拥有了大段空闲时间，与其像朋友圈里面的各位花式秀无聊，不如静下心来攻克之前没有完成的一些题目。

This is a challenge from QiangWangBei Finals last year, it’s a RealWorld challenge. Only about 3~4 teams were able to finish it in the game. You can download the challenge files here. The challenge is called VulnTest, it contains some obvious bugs but the difficulty lies in the exploitation. It was compiled with AddressSanitizer(ASAN), which is designed to detect the memory corruption thoroughly, so it could provide extra protection for the program. If a vulnerability is triggered, it can be detected as soon as possible and the program died out.

最近突然有种想法，即便是如今信息爆炸的时代，构造一个人精神世界的主要输入还是通过书籍。就个人体会，电影、剧集、音乐作品似乎都没有书籍来的深刻。今年算得上是精神财富和物质财富都丰收的一年，也亲身体会了一次从量变到质变的进步。物质方面不太方便展示，那就分享一下部分精神财富好了。😃

一

不论你是谁，不论你做什么，当你渴望得到某种东西时，最终一定能够得到，因为这愿望来自宇宙的灵魂。
那就是你在世间的使命。

《牧羊少年奇幻之旅》讲述的是一个叫圣地亚哥的少年因为重复做了奇怪的梦，从此放弃牧羊生活，远赴埃及寻找宝藏的故事。

赶在今年结束前把CTF中出现过的虚拟机逃逸利用都复现了，Vmware Workstation 和 VirtualBox、Qemu相比最大的难度自然是需要逆向方面，即使有Writeup的帮助还是花了不少时间。完成了这道题目感觉又向目标迈进了一步。😎

This is a chanllenge from Real World CTF 2018, heard about the party this year, really want to be there but didn’t earn a ticket in the qualification. Anyway, I’m following the writeup from r3kapig: Real World CTF 2018 Finals Station-Escape Writeup and try to reproduce the escape exploit.