赶在今年结束前把CTF中出现过的虚拟机逃逸利用都复现了，Vmware Workstation 和 VirtualBox、Qemu相比最大的难度自然是需要逆向方面，即使有Writeup的帮助还是花了不少时间。完成了这道题目感觉又向目标迈进了一步。😎

This is a chanllenge from Real World CTF 2018, heard about the party this year, really want to be there but didn’t earn a ticket in the qualification. Anyway, I’m following the writeup from r3kapig: Real World CTF 2018 Finals Station-Escape Writeup and try to reproduce the escape exploit.

这是连续第三届参加广东省的红帽杯比赛了，就题目质量来说明显是一届比一届高，看到这题万花筒惊喜之余也感叹国内的CTF比赛门槛真是越来越高了。作为一道基于解释器改编的题目，通过传统的逆向方法来做还是比较困难，因此分享一下用fuzzing来找到题目漏洞以及后续的分析利用。
This challenge is from a CTF game of Guangdong province, China. It is a Pwn challenge based on llvm JIT engine. You can download this challenge at this link.

“你们会嘲笑一般时间住民的无知，因为他们以为世上只有一种现实。我会嘲笑永恒之人的无知，因为你们虽然知道有无数种现实，却以为只有一种能够实现。”

九月十月都活在为了一个目标天天头破血流的处境，曾经无数次想过放弃，尤其是夜里独自走回宿舍的时候。到真正大功告成的时候，心里却是很平静。对着一件到处此路不通的事情，天天告诉自己肯定有办法的，慢慢地就变成一种本能的自信了。力气是花了不少，希望接下来能有个好收成。

端点星 川陀 盖亚 地球 奥罗拉 索拉利
哈里.谢顿 以利亚.贝莱 机.丹尼尔
亲爱的银河，你到底藏着多少令人着迷的可能性

断断续续花了大概一年时间读完了阿西莫夫的科幻经典基地系列和机器人系列，统称银河帝国十二部曲。

生活，总是在理所当然的挫折与不期而遇的惊喜之间变得层次分明。

This was my first time to finish a “Real-world” style challenge in CTF game. Having so much fun on this Qemu escape challenge, I learned a lot about how Linux drivers work with the low-level devices when solving this challenge. Our team stands on the fifth place at the end. See you at Shenzhen by the end of 2019!

You can download the challenge zip file from this link: vexx.zip. The login username is root, and password is goodluck. If you want to learn virualization related pwning topic, I believe this will be a good starting point.

The mimic defense is a fancy idea, I don’t know how it works in real-world environment, but definitely interesting when it goes to a pwn challenge.