This is too brief to be called a write-up. But I’m tired …
I participated in DEF CON CTF Qualifier 2018 as a member of a certain team, finishing in an ignominious 40th place. But somehow I solved 3 tasks:
- ELF Crumble
- elastic cloud compute (memory) corruption
I write down my impressions.
This is a task to combine and execute 8 binary fragments correctly. I wrote a damn brute-force solver for this, because my brain is dead.
A blind pwn task. I accidentally found the offset `-0x38` to the GOT entry of `read`. Then I wrote the probabilistic solver.
A VM escape task.
We were given a `qemu-system-x86_64` binary with a vulnerable PCI device named `ooo`. Notable functions are as follows:
What matters is the use-after-free vulnerability in:
With the clue of the chunk offset on `0x1317940`, now we can overwrite `sub_6E64A5` by a fastbin attack, in particular using
I stayed up all night for this. I was tired but it was fun. I used these past write-ups as a reference when solving this task:
Other tasks I had wanted to solve are:
This year DEFCON’s organizer has changed from LegitBS to OOO (Order of the Overflow). OOO seems to have the purpose of connecting academic research and CTF. I support this philosophy, but this competition was not perfect. My impressions are summarized as follows:
| Meritocratic rev/pwn. Brand-new topics i.e. blockchain, neural network, reversing of Rust binary. | Many guessing tasks. Some incredible, old-fashioned tasks. In particular, sbva and ghettohackers: Throwback are quite bad. |
Anyway, I’m looking forward to next year.