Intro

This year's C3CTF is as hard as usual.

Not to mention plenty of monstrous pwnables that I didn't even touch to the doorway, but this python challenge takes me roughly 1.5 days to solve in total. Time last so long results from finding the unintended bug which turns the exploit procedure both intricate and fascinating.
Me here mainly focus on the unintended solving analysis, if you wanna see the intended one, please visit the author's github.
Mine unintended exploit is at here.

So now, let's get to it!



- explore more -

Before we start

First of all, I wanna allege for a little variation on my blog.

  • Firstly, language will switch to English considering expressing can be smoothly.
  • Secondly, the former posts won't expose again for translation time consuming reason, and I intentionally push this blog on top of all.
  • Thirdly, I'm trying to gradually moving to real-world cases, but I'll continue sticking to CTF challenges, bcz sometimes it gets sooo interesting!

Today I wanna summarize a pwnable from Seccon 2018 Quals named secret_message, although there's already been a detailed writeup on the Internet, but I still do this, for the author, a special good friend of mine.

I attended seccon 2018 Quals with my teammate ThinerDAS. I worked on secret_message for approximately 10 hour, and managed to solve it with great help from ThinerDAS :)

- explore more -