Showing posts with the label Pwnable.kr

Passcode Writeup (Pwnable.kr)

About Pwnable.kr

pwnable.kr is a free, non-commercial wargame site that hosts hands-on binary-exploitation challenges you solve by SSH’ing into remote challenge accounts, analysing provided binaries/source, and exploiting them to read flag files. It’s ideal for learning and practicing low-level hacking techniques (buffer overflows, format strings, heap/stack bugs) with community writeups and a ranking system.

Overview

Passcode is an easy/intermediate binary exploitation challenge from “pwnable.kr”. We’ll learn how to exploit a badly implemented “scanf” call and perform an arbitrary memory write to redirect code execution and get the flag.

BOF Writeup (Pwnable.kr)

Overview

BOF is an easy binary exploitation challenge from “pwnable.kr”. This challenge is all about the infamous buffer overflow vulnerability, its exploitation and its often critical impact.

Collision Writeup (Pwnable.kr)

Overview

Collision is an easy binary exploitation challenge from “pwnable.kr”. The main theme of this challenge is MD5 hash collisions, which are also the reason why the MD5 algorithm is deprecated nowadays.

FD Writeup (Pwnable.kr)

Overview

FD is an easy binary exploitation challenge from “pwnable.kr”. As the title implies, the exploitation has something to do with file descriptors, which are part of Linux file IO.

Accessing the binary

We can access the challenge by connecting via SSH:

    ┌──(root㉿kali)-[/home/kali]
    └─# ssh fd@pwnable.kr -p2222
    [password: guest]

Looking inside the current directory, we have 3 files. There’s the “fd” 32-bit binary, the “fd.c” source code and “flag”. The goal is to find a bug in the binary/source code and exploit it, which gives us the flag.

    fd@ubuntu:~$ ls -la
    total 48
    drw...