App - System

Diese Übungen setzen sich mit Schwachstellen in Programmen auseinander.

Bei jeder Übung werden Login-Daten für den Server zur Verfügung gestellt. Ziel ist es auf dem Server eine Schwachstelle in dem zur Verfügung gestellten Programm auszunutzen um zusätzliche Rechte zu erhalten. Mit diesen Rechten kann man dann das Passwort auslesen, mit dem die Übung auf der Plattform gelöst werden kann.

 75 Übungen

Ergebnis Name Validierung Anzahl der Punkte  Erklärung der Punktevergabe Schwierigkeitsgrad  Schwierigkeitsgrad Autor Bewertung  Bewertung Musterlösung
pas_valide ELF x86 - Stack buffer overflow basic 1 8% 15711 5 Lyes 3
pas_valide ELF x86 - Stack buffer overflow basic 2 6% 11239 10 Lyes 1
pas_valide PE32 - Stack buffer overflow basic 1% 787 10 Ech0 0
pas_valide ELF x86 - Format string bug basic 1 4% 7286 15 Lu33Y 0
pas_valide ELF x64 - Stack buffer overflow - basic 3% 5558 20 Arod 0
pas_valide ELF x86 - Format string bug basic 2 2% 3652 20 Lyes 0
pas_valide ELF x86 - Race condition 3% 4941 20 Lu33Y 0
pas_valide ELF ARM - Stack buffer overflow - basic 1% 1041 25 pickle 1
pas_valide ELF MIPS - Stack buffer overflow - No NX 1% 330 25 franb 0
pas_valide ELF x86 - Stack buffer overflow basic 3 2% 3648 25 Lyes 0
pas_valide ELF x86 - Use After Free - basic 1% 1050 25 Esad 0
pas_valide ELF ARM - Stack Spraying 1% 183 30 pickle 0
pas_valide ELF x86 - BSS buffer overflow 2% 3470 30 Lu33Y 1
pas_valide ELF x86 - Stack buffer overflow basic 4 2% 2284 30 Lu33Y 0
pas_valide ELF x86 - Stack buffer overflow basic 6 2% 2133 30 TiWim 1
pas_valide ELF x86 - Format String Bug Basic 3 1% 962 35 Lyes 0
pas_valide PE32 - Advanced stack buffer overflow 1% 129 35 Ech0 0
pas_valide ELF ARM - Basic ROP 1% 531 40 pickle 0
pas_valide ELF MIPS - Basic ROP 1% 99 40 dagger 0
pas_valide ELF x86 - Stack buffer overflow - C++ vtables 1% 677 40 sebbb 0
pas_valide PE32+ Format string bug 1% 59 45 Ech0 0
pas_valide ELF x64 - Logic bug 1% 150 50 sbrk 1
pas_valide ELF x86 - Bug Hunting - Several issues 1% 80 50 sbrk 0
pas_valide ELF x86 - Stack buffer and integer overflow 1% 1642 50 Lu33Y 0
pas_valide ELF x86 - Stack buffer overflow - ret2dl_resolve 1% 167 50 kikko 0
pas_valide ELF x86 - Stack buffer overflow basic 5 1% 1497 50 Lu33Y 0
pas_valide ELF x64 - Stack buffer overflow - advanced 1% 994 55 Arod 0
pas_valide ELF MIPS - Format String Glitch 1% 44 60 pickle, martin 0
pas_valide ELF x86 - Information leakage with Stack Smashing Protector 1% 715 60 Arod 0
pas_valide ELF ARM - Race condition 1% 108 70 pickle 0
pas_valide ELF x64 - Browser exploit - Intro 1% 64 70 pickle 0
pas_valide ELF x86 - Out of bounds attack - French Paradox 1% 91 70 sbrk 0
pas_valide ELF x86 - Remote BSS buffer overflow 1% 687 75 Tosh 0
pas_valide ELF x86 - Remote Format String bug 1% 846 75 Tosh 0
pas_valide PE32+ Basic ROP 1% 33 75 Ech0 0
pas_valide ELF x64 - Remote heap buffer overflow - fastbin 1% 227 80 franb 0
pas_valide ELF x86 - Blind remote format string bug 1% 256 80 Lyes 0
pas_valide LinKern ARM - vulnerable syscall 1% 109 85 pickle 0
pas_valide LinKern x86 - Buffer overflow basic 1 1% 374 85 franb 0
pas_valide LinKern x86 - Null pointer dereference 1% 373 90 franb 0
pas_valide LinKern x64 - Race condition 1% 233 95 franb 0
pas_valide ELF ARM - Alphanumeric shellcode 1% 35 100 pickle 0
pas_valide ELF MIPS - URLEncoded Format String bug 1% 21 100 pickle 0
pas_valide ELF x86 - Hardened binary 1 1% 614 100 sm0k 0
pas_valide ELF x86 - Hardened binary 2 1% 489 100 sm0k 0
pas_valide ELF x86 - Hardened binary 3 1% 301 100 sm0k 0
pas_valide ELF x86 - Hardened binary 4 1% 340 100 sm0k 0
pas_valide LinKern MIPSel - Vulnerable ioctl 1% 36 100 pickle 0
pas_valide LinKern x64 - reentrant code 1% 128 100 franb 0
pas_valide ELF ARM - Heap format string bug 1% 65 105 franb 0
pas_valide ELF x64 - Sigreturn Oriented Programming 1% 206 105 Arod 0
pas_valide ELF ARM - Format String bug 1% 76 110 pickle 0
pas_valide ELF ARM - Use After Free 1% 80 110 pickle 0
pas_valide ELF x64 - Heap feng-shui 1% 56 110 laxa 0
pas_valide ELF x64 - Off-by-one bug 1% 112 110 NeedToLearn 0
pas_valide ELF x86 - Hardened binary 5 1% 260 110 sm0k 0
pas_valide LinKern ARM - Stack Overflow 1% 47 110 pickle 0
pas_valide LinKern x86 - basic ROP 1% 191 110 franb 0
pas_valide ELF ARM - Heap Off-by-One 1% 49 115 pickle 0
pas_valide ELF x64 - Remote Heap buffer overflow 1 1% 138 115 Tosh 0
pas_valide ELF x86 - Hardened binary 6 1% 240 115 sm0k 0
pas_valide ELF x86 - Hardened binary 7 1% 203 115 Tosh 0
pas_valide ELF x86 - Remote stack buffer overflow - Hardened 1% 124 115 franb 0
pas_valide LinKern x64 - RowHammer 1% 53 115 pickle 0
pas_valide LinKern x64 - SLUB off-by-one 1% 36 115 Tosh 0
pas_valide ELF ARM - Heap buffer overflow - Wilderness 1% 30 120 pickle 0
pas_valide ELF ARM - Heap Overflow 1% 38 120 pickle 0
pas_valide ELF x64 - Seccomp Whitelist 1% 46 120 pickle 0
pas_valide ELF x86 - Blind ROP 1% 102 120 franb 0
pas_valide Linkern x64 - Memory exploration 1% 84 120 franb 0
pas_valide WinKern x64 - Advanced stack buffer overflow - ROP 1% 18 120 __syscall, Synacktiv 0
pas_valide WinKern x64 - Use After Free 1% 10 120 __syscall, Synacktiv 0
pas_valide ELF x64 - Remote Heap buffer overflow 2 1% 104 130 Tosh, Fritz 0
pas_valide ELF x64 - Blind ROP 1% 72 135 franb 0
pas_valide ELF x64 - Browser exploit - BitString 1% 25 135 pickle 0

Ergebnisse der Übungen Ergebnisse der Übungen

Nickname Übungen Sprache date
xct   ELF x86 - Stack buffer overflow basic 1 24. Februar 2021 zu  20:47
aaSSfxxx   ELF x86 - Use After Free - basic 24. Februar 2021 zu  19:27
AlphaTartine   ELF x86 - Format string bug basic 1 24. Februar 2021 zu  18:48
mh4ckt3mh4ckt1c4s   ELF x64 - Stack buffer overflow - avancé 24. Februar 2021 zu  18:45
anoldcat   ELF x86 - Race condition 24. Februar 2021 zu  18:23
Ewaël   ELF x86 - Stack buffer and integer overflow 24. Februar 2021 zu  15:50
highlander   ELF x86 - Race condition 24. Februar 2021 zu  10:13
Notme   ELF x86 - Use After Free - basic 24. Februar 2021 zu  09:20
Tom   ELF x86 - Stack buffer overflow - ret2dl_resolve 24. Februar 2021 zu  00:41
Robby   ELF x86 - Stack buffer overflow basic 4 23. Februar 2021 zu  22:49