WinKern x64 - Use After Free

120 Points  0x0

Reversez le driver, trouvez les vulnerabilités qu’il expose et exploitez les sur un système Windows 10, afin d’obtenir les privilèges SYSTEM

Author

__syscallSynacktiv,  

Level  Difficulty

Validations

5 Challengers 1%

Note  Notation

1
2
3
4
5
14 Votes

To reach this part of the site please login

  Solution

Submit a solution

Challenge Results Challenge Results

Pseudo Challenge Lang date
hyliad   WinKern x64 - Use After Free 11 May 2020 at 09:55
kikko   WinKern x64 - Use After Free 21 April 2020 at 17:54
Tomtombinary   WinKern x64 - Use After Free 3 April 2020 at 18:20
BenK   WinKern x64 - Use After Free 28 March 2020 at 19:19
macz   WinKern x64 - Use After Free 5 February 2020 at 14:01

 75 Challenges

Results Name Validations Number of points  Explanation for the scores Difficulty  Difficulty Author Note  Notation Solution
pas_valide ELF x86 - Stack buffer overflow basic 1 8% 14433 5 Lyes 11
pas_valide ELF x86 - Stack buffer overflow basic 2 6% 10377 10 Lyes 10
pas_valide PE32 - Stack buffer overflow basic 1% 540 10 Ech0 6
pas_valide ELF x86 - Format string bug basic 1 4% 6773 15 Lu33Y 5
pas_valide ELF x64 - Stack buffer overflow - basic 3% 5130 20 Arod 6
pas_valide ELF x86 - Format string bug basic 2 2% 3379 20 Lyes 5
pas_valide ELF x86 - Race condition 3% 4624 20 Lu33Y 9
pas_valide ELF ARM - Stack buffer overflow - basic 1% 932 25 pickle 7
pas_valide ELF MIPS - Stack buffer overflow - No NX 1% 288 25 franb 2
pas_valide ELF x86 - Stack buffer overflow basic 3 2% 3376 25 Lyes 3
pas_valide ELF x86 - Use After Free - basic 1% 842 25 Esad 3
pas_valide PE32 - Advanced stack buffer overflow 1% 95 25 Ech0 3
pas_valide ELF ARM - Stack Spraying 1% 163 30 pickle 4
pas_valide ELF x86 - BSS buffer overflow 2% 3286 30 Lu33Y 7
pas_valide ELF x86 - Stack buffer overflow basic 4 2% 2176 30 Lu33Y 5
pas_valide ELF x86 - Stack buffer overflow basic 6 2% 1972 30 TiWim 5
pas_valide ELF x86 - Format String Bug Basic 3 1% 889 35 Lyes 2
pas_valide ELF ARM - Basic ROP 1% 466 40 pickle 5
pas_valide ELF MIPS - Basic ROP 1% 82 40 dagger 1
pas_valide ELF x86 - Stack buffer overflow - C++ vtables 1% 638 40 sebbb 2
pas_valide PE32+ Format string bug 1% 44 40 Ech0 1
pas_valide ELF x64 - Logic bug 1% 137 50 sbrk 3
pas_valide ELF x86 - Bug Hunting - Several issues 1% 71 50 sbrk 1
pas_valide ELF x86 - Stack buffer and integer overflow 1% 1565 50 Lu33Y 3
pas_valide ELF x86 - Stack buffer overflow - ret2dl_resolve 1% 135 50 kikko 0
pas_valide ELF x86 - Stack buffer overflow basic 5 1% 1440 50 Lu33Y 1
pas_valide ELF x64 - Stack buffer overflow - advanced 1% 926 55 Arod 4
pas_valide ELF MIPS - Format String Glitch 1% 37 60 pickle, martin 1
pas_valide ELF x86 - Information leakage with Stack Smashing Protector 1% 670 60 Arod 2
pas_valide ELF ARM - Race condition 1% 94 70 pickle 1
pas_valide ELF x64 - Browser exploit - Intro 1% 54 70 pickle 1
pas_valide ELF x86 - Out of bounds attack - French Paradox 1% 80 70 sbrk 3
pas_valide ELF x86 - Remote BSS buffer overflow 1% 661 75 Tosh 1
pas_valide ELF x86 - Remote Format String bug 1% 822 75 Tosh 2
pas_valide PE32+ Basic ROP 1% 19 75 Ech0 0
pas_valide ELF x64 - Remote heap buffer overflow - fastbin 1% 208 80 franb 1
pas_valide ELF x86 - Blind remote format string bug 1% 236 80 Lyes 1
pas_valide LinKern ARM - vulnerable syscall 1% 97 85 pickle 0
pas_valide LinKern x86 - Buffer overflow basic 1 1% 343 85 franb 2
pas_valide LinKern x86 - Null pointer dereference 1% 344 90 franb 0
pas_valide LinKern x64 - Race condition 1% 214 95 franb 0
pas_valide ELF ARM - Alphanumeric shellcode 1% 29 100 pickle 2
pas_valide ELF MIPS - URLEncoded Format String bug 1% 17 100 pickle 0
pas_valide ELF x86 - Hardened binary 1 1% 578 100 sm0k 3
pas_valide ELF x86 - Hardened binary 2 1% 458 100 sm0k 3
pas_valide ELF x86 - Hardened binary 3 1% 289 100 sm0k 1
pas_valide ELF x86 - Hardened binary 4 1% 318 100 sm0k 2
pas_valide LinKern MIPSel - Vulnerable ioctl 1% 32 100 pickle 0
pas_valide LinKern x64 - reentrant code 1% 110 100 franb 1
pas_valide ELF ARM - Heap format string bug 1% 56 105 franb 0
pas_valide ELF x64 - Sigreturn Oriented Programming 1% 191 105 Arod 3
pas_valide ELF ARM - Format String bug 1% 68 110 pickle 1
pas_valide ELF ARM - Use After Free 1% 68 110 pickle 0
pas_valide ELF x64 - Heap feng-shui 1% 52 110 laxa 2
pas_valide ELF x64 - Off-by-one bug 1% 101 110 NeedToLearn 2
pas_valide ELF x86 - Hardened binary 5 1% 245 110 sm0k 1
pas_valide LinKern ARM - Stack Overflow 1% 37 110 pickle 0
pas_valide LinKern x86 - basic ROP 1% 168 110 franb 1
pas_valide ELF ARM - Heap Off-by-One 1% 39 115 pickle 1
pas_valide ELF x64 - Remote Heap buffer overflow 1 1% 128 115 Tosh 3
pas_valide ELF x86 - Hardened binary 6 1% 229 115 sm0k 3
pas_valide ELF x86 - Hardened binary 7 1% 194 115 Tosh 3
pas_valide ELF x86 - Remote stack buffer overflow - Hardened 1% 116 115 franb 1
pas_valide LinKern x64 - RowHammer 1% 42 115 pickle 1
pas_valide LinKern x64 - SLUB off-by-one 1% 27 115 Tosh 1
pas_valide ELF ARM - Heap buffer overflow - Wilderness 1% 24 120 pickle 1
pas_valide ELF ARM - Heap Overflow 1% 26 120 pickle 1
pas_valide ELF x64 - Seccomp Whitelist 1% 39 120 pickle 0
pas_valide ELF x86 - Blind ROP 1% 92 120 franb 0
pas_valide Linkern x64 - Memory exploration 1% 75 120 franb 1
pas_valide WinKern x64 - Advanced stack buffer overflow - ROP 1% 8 120 __syscall, Synacktiv 0
pas_valide WinKern x64 - Use After Free 1% 5 120 __syscall, Synacktiv 0
pas_valide ELF x64 - Remote Heap buffer overflow 2 1% 95 130 Tosh, Fritz 1
pas_valide ELF x64 - Blind ROP 1% 62 135 franb 1
pas_valide ELF x64 - Browser exploit - BitString 1% 19 135 pickle 0