Category: Uncategorized

I come up with this post, since gRPC quick start manual for cpp does not recommend installing gRPC globally on your system – “because there is no easy way to uninstall gRPC” and I do not want to contaminate my Ubuntu machine. So I wrote a Dockerfile, which will setup the build environment for the…

We are given following source code and hints: Stack6 looks at what happens when you have restrictions on the return address.This level can be done in a couple of ways, such as finding the duplicate of the payload ( objdump -s will help with this), or ret2libc , or even return orientated programming.It is strongly…

We are given following hints and source code: Hints At this point in time, it might be easier to use someone elses shellcode If debugging the shellcode, use \xcc (int3) to stop the program executing and return to the debugger remove the int3s once your shellcode is done. This program seems to do nothing special,…

You can find the source code HERE

What does the pop-up manual tell us? OVERVIEW This lock is attached the the LockIT Pro HSM-2. We have updated the lock firmware to connect with this hardware security module. So far so good. What’s written in the details section? DETAILS … This is Software Revision 01. The firmware has been updated to connect with…

Let’s have a look at the Montevideo pop-manual: OVERVIEW Lockitall developers have rewritten the code to conform to the internal secure development process. This lock is attached the the LockIT Pro HSM-2. Again, what’s the main difference between HSM-1 and HSM-2? If you have a look in the manual, you will see that the interface…

In the previous level Cusco we saw, that the program is consuming more than 16 bytes, although we were told that the maximum password length is 16 bytes. So simply don’t trust all messages 😀 Let’s see what the pop-up menu tells us this time: OVERVIEW A firmware update rejects passwords which are too long….

Next level: Cusco!Let’s see what the pop-menu says: OVERVIEWWe have fixed issues with passwords which may be too long. This lock is attached the the LockIT Pro HSM-1. We’ll check that for sure, if a too long password can still exploit the programm… The main function has just one instruction: calling login. So we’ll just…

The pop-up manual tells us… OVERVIEWThis lock is attached the the LockIT Pro HSM-1. We have updated the lock firmware to connect with the hardware security module. Let’s start:The main function is basically just redirecting us to the login function, so I will skip main and go directly to login Do you see where the…

Starting the level, the pop-up manual tells us: OVERVIEW Lockitall developers have implemented military-grade on-device encryption to keep the password secure. This lock is not attached to any hardware security module. Let’s check out, how secure this is… Again, let’s have a look at the main function: No functions like check_password or unlock_door like in…