Pico CTF2014

Hi everyone 🙂

I just created an account on picoCTF, in order to practice few binary exploitation challenges.

picoCTF is an online “capture the flag” platform, designed for students and beginners willing to learn the basics of buffer overflow, format string exploitation, and more generally understand the x86 assembly language and its paradigms. If you are already familiar with shellcodes and mechanisms used to prevent exploitation such as DEP, ASLR, canary stack and so on, you can go on your way since you should not learn so much.

Challenges are designed with an educative purpose (it should not take you hours to solve them), so will be the write-ups you might read on this blog.

All challenges target the Linux operating system, and binaries are compiled with gcc and the “-m32” option, which will allow you to play with 32 bits executable only.

Each binary is setgid with a group id to which belong a file called “flag.txt”, readable by the group members but NOT by the others. Therefore, to solve a challenge, you need to exploit a vulnerability that will allow you to control the execution flow and to read this flag file (with /bin/cat or something like this) !

Hopefully this blog will help you to learn new things, feel free to ask if something is not really clear or to report any kind of mistake 🙂

Rémi

remi

Security Engineer / Malware Analyst, interested in reverse engineering, vulnerability exploitation, OS architecture & software developpement.

Leave a Reply

Your email address will not be published. Required fields are marked *