⭐⭐ If you find this repository helpful, please give us a star! ⭐⭐
Software Security Course @ 2024 NCKUCTF Club (NCKU Information Security Club course)
Binary exploitation (pwn) course for 2024 NCKUCTF Club.
Online labs are available at our CTFd
Ubuntu 22.04 LTS with glibc version 2.35. (There is no heap exploitation, so I think the glibc version doesn't matter that much.)
The exploit scripts folder contains the solutions for the lab challenges.
Lab | Description |
---|---|
got | Global Offset Table Hijacking |
got_adv | Overwrite the Global Offset Table entry of __stack_chk_fail to bypass the canary |
magicgdb | Use gdb to dynamically control the program and get the flag |
ret2sc | Return to shellcode |
ret2sc_adv | Use shellcode to open, read and write |
ret2win | Return to win |
ret2win_adv | Return to win, beware of the movaps issue |

Lab | Description |
---|---|
ezrop | ROP on a statically linked binary |
pivoting | Forge rbp and rsp to achieve stack pivoting |
ret2libc | Leak a libc address left in an array and return to libc |
ret2libc_adv | Leak a libc address yourself and return to libc |
ret2libc2024 | New trick to solve return to libc without csu_init gadgets |

Lab | Description |
---|---|
httpd_patched | Reproduce CVE-2023-37144 on Tenda AC10 Firmware V15.03.06.23 using QEMU |

The content of this repository is licensed under CC-BY-4.0.