CTFするぞ

あたまよくないけどがんばります

CTF

Harekaze mini CTF 2020のWriteup

24時間のHarekaze mini CTF*1 2020が開催されました。 zer0ptsとして参加しましたが、作問陣にいたり忙しかったりで参加できないメンバーが多かったのでチーム名を「yoshiking*2と愉快な仲間たち」にすれば良かったと後悔しています。 難易度は比較的易しめ…

HackTM CTF Finals 2020 Writeup

Last weekend I played HackTM CTF Finals 2020, the Finals event of HackTM CTF Quals 2020, in zer0pts and we won the CTF I mostly worked on pwn, forensics and few reversing tasks. Especially the pwn tasks were well-designed and I reaperhaops…

オレオレFuzzerもどきを利用してCTFのpwnableを解こう

はじめに Fuzzingの概念 なぜ自分でFuzzerを書くのか 実際に問題を解く dual - ユーザーランドプログラムのFuzzing Step 1. Fuzzerの方針を立てる Step 2. テストケースを最適化する Step 3. 問題を解く spark - カーネルドライバのFuzzing Step 1. Fuzzerの…

pbctf 2020 Writeup

pbctf 2020 had been held from December 5th 00:00 UTC for 48 hours. I played it in zer0pts and we won the CTF I mainly worked on the pwn tasks. Every pwn task was very hard (except for Amazing ROP) and there were something to learn. I reall…

Layer7 CTF 2020 Writeup

Layer7 CTF had been helf on 14th November. It was a 15-hour individual competition. I played it as retsuko and reached 2nd place. Same as last year, the challenges were well-designed and I enjoyed them! And same as last year, I couldn't so…

BingoCTF 2020 Writeup

BingoCTF took place from 12th Nov, 09:00 KST for 24 hours. This CTF is a new-style competition for individuals. The score is calculated based on the number of bingo you made and the time you used to make bingo. We have 5 hours to solve the…

SECCON 2020 Online CTF Writeup

I wrote some challenges for this year's SECCON CTF. SECCON was famous for providing some crappy challenges but they eliminated those crappy-challenge authors this year XD Congratulations to HangulSarang, perfect blue, and MSLC! Thank you f…

TokyoWesterns CTF 2020 Writeups

I played TokyoWesterns CTF 2020 in team D0G$ (Defenit x zer0pts x GoN x $wag) and we reached 1st place It was an amazing dream collabolation I mainly worked on the pwn tasks and I'm going to write about some of them. The tasks and solver…

TSG LIVE! CTF 5のwriteup

競技時間が1時間ちょっとの割にクオリティの高い問題を毎年提供していると噂のTSG LIVE! CTFにyoshikingdomで参加しました。 みなさん気づいていなかったと思いますが、実はyoshikingというユーザーは私でした。 なんかサブマリンしてたみたいになっています…

CSAW CTF Quals 2020 Writeups

I was looking forward to playing CSAW CTF Quals 2020 since it was right level for me last year. We played this year's CSAW CTF in zer0pts and reached 11th place. I mainly worked on pwn and rev, and the pwn challenges were good. (I don't li…

PoseidonCTF 1st Edition Writeup

PoseidonCTF 1st Edition had been held from August 8th, 17:00 to 9th, 17:00 UTC. I played it in zer0pts and reached 3rd place. Pwn tasks are well-designed but I couldn't solve/check all of them because I had to check forensics and reversing…

WMCTF 2020 Writeup

I played WMCTF 2020 in DefenitelyZer0 (Defenit x zer0pts) and reached 8th place! WMCTF had been held from August 1st for 48 hours on XCTF platform. (I call it Chinese Mystery Platform.) The challenges I solved were really fun and I learned…

3kCTF-2020 Writeup

We zer0pts played 3kCTF-2020 which was held from 24 July 2020, 17:00 UTC for 20 hours. There are 5 categories (rev, web, pwn, crypto, misc) and the number of the tasks were well-balanced. I mainly worked on pwn tasks and I felt they were w…

UIUCTF 2020 Writeup

I played UIUCTF 2020, which had been held from July 18th 00:00 UTC for about 48 hours, in zer0pts and we reached 5th place. The overall difficulty was hard but many challenges I solved were fun as well. I mainly worked on pwn and kernel ta…

TSG CTF 2020 Writeup

TSG CTF 2020 had been held from July 11th 07:00 UTC for 24 hours. I played it in DefenitelyZer0, a collabolation team of Defenit and zer0pts, and reached 2nd place. I was one of the pwn members and we solved all the pwn tasks. I got 5 out …

ASIS CTF 2020 Quals - Pwn Writeup

I wrote the 6 pwn tasks of ASIS CTF 2020 Quals. Here is the brief overview of them. Challenge Vulnerability Estimated Difficulty Full Protection stack overflow, fsb warmup babynote integer overflow (to get out-of-bound address write) easy …

Defenit CTF 2020 Writeups

We zer0pts played Defenit CTF 2020 and reached 4th place! It was a really amazing CTF! Other members' writeups: furutsuki.hatenablog.com st98.github.io Here is the tasks and solvers for some challenges I solved. bitbucket.org [Pwn 656pts] …

Pwn2Win CTF 2020 Writeups

Pwn2Win CTF 2020 had been held from May 30th for 48 hours. I played it in zer0pts and reached 6th place. Especially pwn tasks were a lot of fun! [Pwn 263pts] At Your Command [Pwn 298pts] Tukro [Pwn 340pts] Trusted Node [Web 171pts] A Paylo…

SECCON Beginners CTF 2020 作問者Writeup

はじめに 5月23日14:00から24時間、初心者向けのSECCON Beginners CTF 2020を開催しました。 といっても全問が初心者向けな訳ではなく、中級者でも難しいと感じるような問題もちらほらあったと思います。 また、CTFを本当に初めて触るという方にとってはBegi…

SpamAndFlags 2020 Writeups

I played "S㎩mAndFlags Uけimate w呎は屸de C㏊mᒆonship Teaser - ㎩㏚i㎄ Edition" in shibadogs. We reached 6th place :yay: Thank you @SpamAndHex for hosting the CTF! [rev+misc] TAS (1-5) [pwn] Nativity Scene [pwn] Secstore #2 The tasks and …

IJCTF 2020 Writeups

I played IJCTF 2020 in zer0pts and we got 3rd place. Other member's writeup: st98.github.io [pwn 100pts] Input Checker [pwn 620pts] Babyheap [rev 728pts] Rev 0 [rev 986pts] Rev 2 [forensics 998pts] List Of File Type [rev+web+pwn 1000pts] b…

PlaidCTF 2020 Writeups

I played PlaidCTF in shibad0gs and reached 38th place. I'm going to write up the challenges I solved during the CTF. I don't write about "YOU wa SHOCKWAVE" as I mostly guessed the flag. (It was about disassembling shockwave media --> findi…

HexionCTF 2020 Writeups

I played HexionCTF in zer0pts and we got 1st place. The tasks are decent-level, fun and well-designed. Thank you @hexion_team for the nice CTF! Other member's writeup: st98.github.io [Pwn 940pts] WWW [Pwn 988pts] Hangman [Pwn 998pts] Text …

House of Husk

CTF

About Yesterday I came up with an idea of a new heap exploitation technique. As far as I googled it, nobody had published the technique yet and I named it "House of Husk." The technique makes it easy to control RIP under the condition that…

House of Husk (仮)

CTF

はじめに ヒープ大嫌いなのですが、多分まだ誰も公開していないヒープ系exploit手法を思いついたので書きます。 調べても出てこなかったので既出じゃないと信じて「House of Husk」と名前を付けました。 これ系に命名規則があるのか不明だし名前も思いつかな…

FireShell CTF 2020 Writeups

FireShell CTF had been held from March 22th JST for 24 hours. I played this CTF in zer0pts and we reached 3rd place. I solved only two pwn tasks and one easy crypto/rev, but the pwn tasks are tough and I'm going to write the solutions for …

SuSeC CTF 2020 Pwn Writeups

SuSeC CTF 2020 had been held from 15th March 06:30 UTC for 36 hours. I wrote 3 pwn tasks for this CTF. (I don't know of any other tasks.) The tasks and solvers are available here: bitbucket.org I hope you enjoyed my pwn challenges :) [182p…

CONFidence CTF 2020 Teaser Writeups

I played CONFidence CTF 2020 in zer0pts. We got 786pts in total and reached 19th place. It was pretty hard but a fun CTF. Other members' writeups: st98.github.io Files and solvers for some challenges: bitbucket.org [misc 37pts] Hidden Flag…

Kernel Exploitで嵌ったときのチェックリスト

CTF

はじめに Kernel Exploitを初めて1ヶ月半くらいが経ちましたが、カーネルランドはデバッグが大変なので「なぜかexploitが動かない」ってなったときのチェックリストを作りました。 僕は大量に時間を溶かしたのですが、皆はこんな人間にならないでね。 ユーザ…

zer0pts CTF 2020 開催記

CTF

はじめに 2020年03月07日00:00から09日00:00 UTCにzer0pts CTF 2020を開催しました。 今回はいままでと違い、zer0ptsで開催したという点と、CTFtimeに載せたという点で初だったので緊張感がありました。 開催記を残すとともに、CTFtimeに載せる手順や攻撃へ…