Overview
SPOILER: This blog contains the solution to the Modern Typer Chrome exploitation challenge from HTB. If you are planning to take this challenge, I would highly encourage attempting it first before reading this blog. The challenge can be obtained from the Challenges section of hackthebox.
Prerequisites
This blog is not a Turbofan reference and is not intended to be. There are excellent public resources for acquiring a basic understanding of Turbofan.
This post will cover the Chrome exploitation challenge oob-v8 from *CTF. The challenge can be found here.
01 - Analyzing the Patch
If we take a close look at the patch oob.diff from the *CTF v8-oob challenge, we will observe the introduction of the ArrayOob function. The authors of this challenge didn't really want to make the discovery of the vulnerability a hard task, and there are even comments for the read/write primitives.
Everlasting Imaginative void was a Hitcon2017 reversing challenge worth 300 points. The challenge description was the following:
Astonishingly impoverished elf
Not much information. Running the file command on the binary, we get the following information:
n4x0r@pwn1e~$ file void-1b63cbab5d58da4294c2f97d6b60f568
void-1b63cbab5d58da4294c2f97d6b60f568: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=5f8a87150720003c217508ffd74883c715ffe7c3, stripped

If we execute the file we see the following:

n4x0r@pwn1e~$ ./void-1b63cbab5d58da4294c2f97d6b60f568
blabla
hitcon{blabla}

Ok, let's dig inside and see what we can find.
Angrybird was the first challenge that I solved in the CodeGate2017 CTF. There was no description for the challenge, just a binary.
When we open the binary in IDA, we can see the graph overview of the main function:
If we take a closer look at the call graph, every basic block consists of a small check. If that check holds, the flow of execution continues to the next block.