Here is a write-up for the challenge “vba03-strikeBack”, since none was posted yet on CTFtime.
All the source code for the malware and cookie logger are available on GitHub.
Continue reading Insomni’hack 2018 – vba03-strikeBack writeupCategory: Insomni’hack
Insomni’Hack 2017 – FPS Write-Ups
For the 10th Insomni’Hack anniversary, new hacking challenge categories were available during the CTF. They consisted of social engineering, hacking room, and a multiplayer FPS game.
This article will cover several write-ups for this last category. It is a great occasion to understand quickly some basis of modern game hacking.
Continue reading Insomni’Hack 2017 – FPS Write-UpsExploiting a misused C++ shared pointer on Windows 10
In this post I describe a detailed solution to my “winworld” challenge from Insomni’hack CTF Teaser 2017. winworld was a x64 windows binary coded in C++11 and with most of Windows 10 built-in protections enabled, notably AppContainer (through the awesome AppJailLauncher), Control Flow Guard and the recent mitigation policies.
Continue reading Exploiting a misused C++ shared pointer on Windows 10rbaced – a CTF introduction to grsecurity’s RBAC
Description
rbaced was a pwnable challenge at last week-end’s Insomni’hack Teaser, split in 2 parts: rbaced1 and rbaced2.
TL;DR: grsecurity/PaX can prevent introducing executable memory in a process or execute untrusted binaries, and make your life miserable.
Continue reading rbaced – a CTF introduction to grsecurity’s RBACInsomni’hack 2016 teaser results
Last weekend saw the year’s CTF competitions begin with our very own Insomni’hack teaser. Given some of the recent absurdities (http://weputachipinit.tumblr.com/) we decided to go with the Internet of Things as our theme this year.
Continue reading Insomni’hack 2016 teaser resultsInsomni’hack finals – InsomniDroid Level 1 Writeup
The challenge was delivered as a zip file (InsomniDroid.zip). The first challenge was perhaps to download it (with its 602.5 MiB). The zip file contains a single file: mmcblk0.dd. A file command gives some information:
Continue reading Insomni’hack finals – InsomniDroid Level 1 WriteupInsomni’hack finals – Hollywood network writeup
You probably saw on many ‘hackers movies’ weird IP address such a 312.5.125.833. On this challenge, you had to connect on a fake IBM mainframe running on this strange IP stack. After the Z/OS banner, you had to get a shell with “L IMS3270”. No guessing here, it’s simply one of the three suggestions. On the READY prompt, you had a bunch of crappy commands extracted from the Swordfish movie. Only FLAG, IFCONFIG worked. FLAG expects an IP address as parameter. Since this mainframe runs on a non-standard IP stack, you can’t simply enter your IPv4 address. So you have to get a look at the IFCONFIG output:
Continue reading Insomni’hack finals – Hollywood network writeupInsomni’hack finals – SH1TTY writeup
This challenge wasn’t solved during the CTF, but StratumAuhuur was pretty close!
The source, binary and exploit for this challenge can be found on our github here.
Insomni’hack finals – Jurassic Sparc writeup
This task wasn’t solved during the CTF. People must hate sparc!
Find the binary, sources and exploit here!
Continue reading Insomni’hack finals – Jurassic Sparc writeupInsomni’hack finals – smtpwn writeup
This challenge was solved by several teams during the contest, however it seems that most teams didn’t have the intended solution, so here it is 😉
The source, binary and exploit for this challenge can be found on our github here!
smtpwn was a very simple local SMTP service. Basically you write a message to its stdin, and it’ll write a file to /tmp/ with the following content: