Insomni’hack finals – smtpwn writeup
This challenge was solved by several teams during the contest, however it seems that most teams didn’t have the intended solution, so here it is The source, binary and exploit for this challenge can be...
View ArticleInsomni’hack finals – Jurassic Sparc writeup
This task wasn’t solved during the CTF. People must hate sparc! Find the binary, sources and exploit here! In this task you were provided a sparc server binary and a python client, which was a Tkinter...
View ArticleInsomni’hack finals – SH1TTY writeup
This challenge wasn’t solved during the CTF, but StratumAuhuur was pretty close! The source, binary and exploit for this challenge can be found on our github here. Description: “Can you write a kernel...
View ArticleExploiting a misused C++ shared pointer on Windows 10
In this post I describe a detailed solution to my “winworld” challenge from Insomni’hack CTF Teaser 2017. winworld was a x64 windows binary coded in C++11 and with most of Windows 10 built-in...
View ArticleMagento – RCE & Local File Read with low privilege admin rights
I regularly search for vulnerabilities on big services that allow it and have a Bug Bounty program. Here is a second paper which covers two vulnerabilities I discovered on Magento, a big ecommerce CMS...
View Article