WinKern x64 - Use After Free

120 Points  0x0

Reverse the driver, find exposed vulnerabilities and exploit them on a Windows 10 system, in order to obtain SYSTEM privileges

Author

__syscallSynacktiv,  

Level  Difficulty

Validations

37 Challengers 1%

Note  Notation

1
2
3
4
5
31 Votes

To reach this part of the site please login

solutions  Solution

Submit a solution

Challenge Results Challenge Results

Pseudo Challenge Lang Date
RedBetta App - Système  WinKern x64 - Use After Free fr 29 June 2025 at 13:23
CeliTop App - Système  WinKern x64 - Use After Free fr 3 June 2025 at 13:30
lolo42 App - Système  WinKern x64 - Use After Free fr 17 May 2025 at 23:30
vikingfr App - Système  WinKern x64 - Use After Free fr 3 January 2025 at 18:20
00BL1X App - Système  WinKern x64 - Use After Free fr 16 December 2024 at 02:47
Kebche App - Système  WinKern x64 - Use After Free fr 23 July 2024 at 20:07
laxa App - Système  WinKern x64 - Use After Free fr 2 July 2024 at 22:08
fhamster App - Système  WinKern x64 - Use After Free fr 14 May 2024 at 22:56
Blackfrost App - System  WinKern x64 - Use After Free en 16 April 2024 at 05:04
Express App - Système  WinKern x64 - Use After Free fr 14 February 2024 at 15:38

challenges 93 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution Date
pas_valide ELF x86 - Stack buffer overflow basic 1 7% 25393 5 Lyes 11 25 March 2015
pas_valide ELF x64 - Basic heap overflow 1% 2413 10 sourcePerrier 1 13 February 2023
pas_valide ELF x86 - Stack buffer overflow basic 2 5% 17417 10 Lyes 10 10 April 2015
pas_valide PE32 - Stack buffer overflow basic 1% 2592 10 Ech0 8 3 December 2019
pas_valide ELF x86 - Format string bug basic 1 3% 10866 15 Lu33Y 7 8 February 2012
pas_valide ELF x64 - Stack buffer overflow - basic 3% 8445 20 Arod 7 31 May 2015
pas_valide ELF x86 - Format string bug basic 2 2% 5556 20 Lyes 5 8 April 2015
pas_valide ELF x86 - Race condition 2% 6991 20 Lu33Y 10 8 February 2012
pas_valide ELF ARM - Stack buffer overflow - basic 1% 1537 25 pickle 7 9 March 2017
pas_valide ELF MIPS - Stack buffer overflow - No NX 1% 618 25 franb 2 28 September 2018
pas_valide ELF x64 - Double free 1% 1307 25 Esad 2 23 March 2021
pas_valide ELF x86 - Stack buffer overflow basic 3 2% 5678 25 Lyes 5 10 April 2015
pas_valide ELF x86 - Use After Free - basic 1% 2264 25 Esad 3 26 May 2019
pas_valide ELF ARM - Stack Spraying 1% 314 30 pickle 4 2 April 2017
pas_valide ELF x64 - Stack buffer overflow - PIE 1% 1392 30 HomardBoy 3 26 March 2021
pas_valide ELF x86 - BSS buffer overflow 2% 4557 30 Lu33Y 7 8 February 2012
pas_valide ELF x86 - Stack buffer overflow basic 4 1% 3198 30 Lu33Y 5 8 February 2012
pas_valide ELF x86 - Stack buffer overflow basic 6 1% 3421 30 TiWim 5 10 March 2016
pas_valide ELF x86 - Format String Bug Basic 3 1% 1507 35 Lyes 2 27 May 2015
pas_valide PE32 - Advanced stack buffer overflow 1% 278 35 Ech0 4 3 December 2019
pas_valide ELF ARM - Basic ROP 1% 938 40 pickle 6 11 March 2017
pas_valide ELF MIPS - Basic ROP 1% 206 40 dagger 1 7 October 2018
pas_valide ELF RISC-V - Intro - let’s do the ROP 1% 95 40 nobodyisnobody 1 13 February 2023
pas_valide ELF x64 - Stack buffer overflow - Stack pivot 1% 202 40 spikeroot 0 11 July 2024
pas_valide ELF x86 - Stack buffer overflow - C++ vtables 1% 1064 40 sebbb 2 20 July 2015
pas_valide PE32+ Format string bug 1% 117 45 Ech0 1 3 December 2019
pas_valide ELF x64 - Logic bug 1% 265 50 sbrk 3 8 July 2017
pas_valide ELF x86 - Bug Hunting - Several issues 1% 152 50 sbrk 3 19 January 2018
pas_valide ELF x86 - Stack buffer and integer overflow 1% 2154 50 Lu33Y 4 8 February 2012
pas_valide ELF x86 - Stack buffer overflow - ret2dl_resolve 1% 481 50 kikko 4 28 February 2019
pas_valide ELF x86 - Stack buffer overflow basic 5 1% 2038 50 Lu33Y 1 8 February 2012
pas_valide ELF x64 - Stack buffer overflow - advanced 1% 1649 55 Arod 4 5 June 2015
pas_valide ELF MIPS - Format String Glitch 1% 102 60 pickle , martin 1 21 October 2018
pas_valide ELF x64 - Heap Filling 1% 137 60 voydstack 0 27 May 2021
pas_valide ELF x86 - Information leakage with Stack Smashing Protector 1% 1015 60 Arod 2 20 May 2015
pas_valide ELF x64 - File Structure Hacking 1% 129 65 nobodyisnobody 0 27 May 2021
pas_valide ELF ARM - Race condition 1% 180 70 pickle 1 3 June 2017
pas_valide ELF x64 - Browser exploit - Intro 1% 118 70 pickle 1 2 November 2018
pas_valide ELF x64 - Buggy VM 1% 92 70 NonStandardModel 0 10 June 2022
pas_valide ELF x64 - Heap Safe-Linking Bypass 1% 109 70 nobodyisnobody 1 22 October 2021
pas_valide ELF x64 - ret2dl_init 1% 66 70 kikko 0 27 May 2021
pas_valide ELF x86 - Out of bounds attack - French Paradox 1% 149 70 sbrk 3 17 September 2017
pas_valide ELF x86 - Remote BSS buffer overflow 1% 778 75 Tosh 1 6 February 2012
pas_valide ELF x86 - Remote Format String bug 1% 1020 75 Tosh 2 6 February 2012
pas_valide PE32+ Basic ROP 1% 81 75 Ech0 0 6 December 2019
pas_valide ELF x64 - Remote heap buffer overflow - tcache 1% 335 80 franb 1 5 February 2017
pas_valide ELF x86 - Blind remote format string bug 1% 353 80 Lyes 2 8 June 2015
pas_valide LinKern ARM - vulnerable syscall 1% 195 85 pickle 0 22 March 2017
pas_valide LinKern x86 - Buffer overflow basic 1 1% 604 85 franb 3 16 February 2016
pas_valide ELF x64 - Sigreturn Oriented Programming 1% 322 90 Arod 4 25 June 2015
pas_valide LinKern x86 - Null pointer dereference 1% 570 90 franb 1 16 February 2016
pas_valide ELF x64 - Syscall chaining 1% 40 95 Njörd 1 11 July 2024
pas_valide LinKern x64 - Race condition 1% 389 95 franb 3 16 February 2016
pas_valide ELF ARM - Alphanumeric shellcode 1% 58 100 pickle 2 16 March 2017
pas_valide ELF MIPS - URLEncoded Format String bug 1% 46 100 pickle 0 7 October 2018
pas_valide ELF x64 - Blind SROP 1% 31 100 s1m 0 28 December 2023
pas_valide ELF x64 - Heap Hop 1% 12 100 nobodyisnobody 0 11 July 2024
pas_valide ELF x86 - Hardened binary 1 1% 875 100 sm0k 3 11 February 2012
pas_valide ELF x86 - Hardened binary 2 1% 691 100 sm0k 3 11 February 2012
pas_valide ELF x86 - Hardened binary 3 1% 405 100 sm0k 1 11 February 2012
pas_valide ELF x86 - Hardened binary 4 1% 480 100 sm0k 2 11 February 2012
pas_valide LinKern MIPSel - Vulnerable ioctl 1% 84 100 pickle 0 23 October 2018
pas_valide LinKern x64 - reentrant code 1% 215 100 franb 2 1 March 2016
pas_valide ELF ARM - Heap format string bug 1% 100 105 franb 1 3 June 2017
pas_valide ELF ARM - Format String bug 1% 110 110 pickle 2 14 March 2017
pas_valide ELF ARM - Use After Free 1% 123 110 pickle 0 22 March 2017
pas_valide ELF x64 - FILE structure hijacking 1% 76 110 voydstack 3 27 May 2021
pas_valide ELF x64 - Heap feng-shui 1% 103 110 laxa 2 4 August 2017
pas_valide ELF x64 - Off-by-one bug 1% 168 110 NeedToLearn 3 19 May 2016
pas_valide ELF x86 - Hardened binary 5 1% 369 110 sm0k 1 11 February 2012
pas_valide LinKern ARM - Stack Overflow 1% 83 110 pickle 0 24 July 2017
pas_valide LinKern x86 - basic ROP 1% 330 110 franb 3 6 May 2016
pas_valide ELF ARM - Heap Off-by-One 1% 84 115 pickle 1 11 March 2017
pas_valide ELF x64 - Advanced blind format string exploitation 1% 18 115 nobodyisnobody 0 11 July 2024
pas_valide ELF x64 - Remote Heap buffer overflow 1 1% 203 115 Tosh 3 26 June 2015
pas_valide ELF x86 - Hardened binary 6 1% 350 115 sm0k 3 11 February 2012
pas_valide ELF x86 - Hardened binary 7 1% 295 115 Tosh 3 21 January 2013
pas_valide ELF x86 - Remote stack buffer overflow - Hardened 1% 213 115 franb 1 17 August 2016
pas_valide LinKern x64 - RowHammer 1% 121 115 pickle 2 17 March 2019
pas_valide LinKern x64 - SLUB off-by-one 1% 107 115 Tosh 2 9 May 2019
pas_valide ELF ARM - Heap buffer overflow - Wilderness 1% 49 120 pickle 1 25 March 2017
pas_valide ELF ARM - Heap Overflow 1% 71 120 pickle 1 2 April 2017
pas_valide ELF ARM64 - Heap Underflow 1% 37 120 nobodyisnobody 0 13 February 2023
pas_valide ELF x64 - Seccomp Whitelist 1% 105 120 pickle 0 3 June 2017
pas_valide ELF x86 - Blind ROP 1% 165 120 franb 0 9 October 2016
pas_valide LinKern x64 - Memory exploration 1% 159 120 franb 2 27 July 2016
pas_valide WinKern x64 - Advanced stack buffer overflow - ROP 1% 51 120 __syscall , Synacktiv 1 27 January 2020
pas_valide WinKern x64 - Use After Free 1% 37 120 __syscall , Synacktiv 0 27 January 2020
pas_valide ELF x64 - Remote Heap buffer overflow 2 1% 157 130 Tosh , Fritz 1 1 July 2015
pas_valide ELF x64 - Advanced Heap Exploitation - Heap Leakless & Fortified 1% 66 135 nobodyisnobody 1 27 May 2021
pas_valide ELF x64 - Blind ROP 1% 127 135 franb 1 10 March 2018
pas_valide ELF x64 - Browser exploit - BitString 1% 42 135 pickle 0 15 December 2018
pas_valide ELF ARM64 - Multithreading 1% 28 140 franb 0 13 February 2023