App - System

These challenges will help you understand applicative vulnerabilities.

Login credentials are provided for different challenge, the goal is to obtain additional rights by exploiting program’s weaknesses and get a password to validate challs on the portal.

Prerequisite:
- GDB.
- Knowledges in ASM.
- Knowledges in C language.

Challenges associated with this section 67 Challenges

Results Challenge's Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution
pas_valide ELF x86 - Stack buffer overflow basic 1 9% 10163 5 Lyes 11
pas_valide ELF x86 - Stack buffer overflow basic 2 7% 7693 10 Lyes 10
pas_valide ELF x86 - Format string bug basic 1 5% 5110 15 Lu33Y 5
pas_valide ELF x64 - Stack buffer overflow - basic 3% 3668 20 Arod 4
pas_valide ELF x86 - Format string bug basic 2 2% 2491 20 Lyes 5
pas_valide ELF x86 - Race condition 3% 3443 20 Lu33Y 8
pas_valide ELF ARM - Stack buffer overflow - basic 1% 512 25 pickle 7
pas_valide ELF MIPS - Stack buffer overflow - No NX 1% 100 25 franb 1
pas_valide ELF x86 - Stack buffer overflow basic 3 2% 2429 25 Lyes 2
pas_valide ELF ARM - Stack Spraying 1% 116 30 pickle 3
pas_valide ELF x86 - BSS buffer overflow 3% 2773 30 Lu33Y 6
pas_valide ELF x86 - Stack buffer overflow basic 4 2% 1813 30 Lu33Y 4
pas_valide ELF x86 - Stack buffer overflow basic 6 2% 1399 30 TiWim 4
pas_valide ELF x86 - Format String Bug Basic 3 1% 663 35 Lyes 2
pas_valide ELF ARM - Basic ROP 1% 219 40 pickle 4
pas_valide ELF MIPS - Basic ROP 1% 39 40 dagger 1
pas_valide ELF x86 - Stack buffer overflow - C++ vtables 1% 461 40 sebbb 2
pas_valide ELF x64 - Logic bug 1% 92 50 sbrk 2
pas_valide ELF x86 - Bug Hunting - Several issues 1% 44 50 sbrk 0
pas_valide ELF x86 - Stack buffer and integer overflow 2% 1361 50 Lu33Y 3
pas_valide ELF x86 - Stack buffer overflow - ret2dl_resolve 1% 26 50 kikko 0
pas_valide ELF x86 - Stack buffer overflow basic 5 2% 1255 50 Lu33Y 1
pas_valide ELF x64 - Stack buffer overflow - advanced 1% 636 55 Arod 3
pas_valide ELF MIPS - Format String Glitch 1% 17 60 pickle, martin 0
pas_valide ELF x86 - Information leakage with Stack Smashing Protector 1% 505 60 Arod 2
pas_valide ELF ARM - Race condition 1% 69 70 pickle 1
pas_valide ELF x64 - Browser exploit - Intro 1% 26 70 pickle 1
pas_valide ELF x86 - Out of bounds attack - French Paradox 1% 58 70 sbrk 2
pas_valide ELF x86 - Remote BSS buffer overflow 1% 606 75 Tosh 1
pas_valide ELF x86 - Remote Format String bug 1% 732 75 Tosh 2
pas_valide ELF x64 - Remote heap buffer overflow - fastbin 1% 153 80 franb 1
pas_valide ELF x86 - Blind remote format string bug 1% 191 80 Lyes 1
pas_valide LinKern ARM - vulnerable syscall 1% 59 85 pickle 0
pas_valide LinKern x86 - Buffer overflow basic 1 1% 247 85 franb 2
pas_valide LinKern x86 - Null pointer dereference 1% 254 90 franb 0
pas_valide LinKern x64 - Race condition 1% 164 95 franb 0
pas_valide ELF ARM - Alphanumeric shellcode 1% 20 100 pickle 2
pas_valide ELF MIPS - URLEncoded Format String bug 1% 6 100 pickle 0
pas_valide ELF x86 - Hardened binary 1 1% 470 100 sm0k 2
pas_valide ELF x86 - Hardened binary 2 1% 376 100 sm0k 2
pas_valide ELF x86 - Hardened binary 3 1% 237 100 sm0k 1
pas_valide ELF x86 - Hardened binary 4 1% 267 100 sm0k 2
pas_valide LinKern MIPSel - Vulnerable ioctl 1% 14 100 pickle 0
pas_valide LinKern x64 - reentrant code 1% 87 100 franb 1
pas_valide ELF ARM - Heap format string bug 1% 36 105 franb 0
pas_valide ELF x64 - Sigreturn Oriented Programming 1% 158 105 Arod 2
pas_valide LinKern x86 - basic ROP 1% 128 110 franb 1
pas_valide ELF ARM - Format String bug 1% 42 110 pickle 0
pas_valide ELF ARM - Use After Free 1% 40 110 pickle 0
pas_valide ELF x64 - Heap feng-shui 1% 31 110 laxa 2
pas_valide ELF x64 - Off-by-one bug 1% 79 110 NeedToLearn 1
pas_valide ELF x86 - Hardened binary 5 1% 193 110 sm0k 1
pas_valide LinKern ARM - Stack Overflow 1% 21 110 pickle 0
pas_valide ELF ARM - Heap Off-by-One 1% 28 115 pickle 1
pas_valide ELF x64 - Remote Heap buffer overflow 1 1% 93 115 Tosh 2
pas_valide ELF x86 - Hardened binary 6 1% 185 115 sm0k 3
pas_valide ELF x86 - Hardened binary 7 1% 150 115 Tosh 2
pas_valide ELF x86 - Remote stack buffer overflow - Hardened 1% 75 115 franb 1
pas_valide LinKern x64 - RowHammer 0% 0 115 pickle 0
pas_valide ELF ARM - Heap buffer overflow - Wilderness 1% 18 120 pickle 1
pas_valide ELF ARM - Heap Overflow 1% 21 120 pickle 0
pas_valide ELF x64 - Seccomp Whitelist 1% 29 120 pickle 0
pas_valide ELF x86 - Blind ROP 1% 53 120 franb 0
pas_valide Linkern x64 - Memory exploration 1% 53 120 franb 1
pas_valide ELF x64 - Remote Heap buffer overflow 2 1% 68 130 Tosh, Fritz 1
pas_valide ELF x64 - Blind ROP 1% 32 135 franb 1
pas_valide ELF x64 - Browser exploit - BitString 1% 9 135 pickle 0