If you’ve ever wondered ‘Which Ke$ha songs are short enough to fit into a Tcache bin?’ this is the challenge for you.

Description

The challenge description linked to golf.so.pwni.ng, which had a scoreboard, and an upload page with the following instructions:

32-bit programs on macOS Mojave are probably the most obscure configuration for Mac software. Due to various changes in Mojave, previous resources to inject into 32-bit programs are no longer functional. There have been posts on injecting into 64-bit programs, but the 32-bit resources have not been updated. This post details our work on writing a library injection tool for 32-bit applications on macOS Mojave.

The server for this challenge accepts C source code and compiles it into an executable using Clang. Our objective is to recover the contents of the flag file, but our code is never executed. The server only tells us whether the compilation was successful and produced no warnings.

This was a CGI binary written in C which used libmysqlclient to query results given by the user, powered by the GoAhead embedded web server.

LazyHouse ended up being a 300 point pwn challenge from HITCON Quals 2019. It was a fairly straightforward menu-based heap binary, using libc version 2.29.

Pop Goes the Printer was a 500 point pwn challenge from CSAW CTF Quals 2019. It was a fairly large binary framed as real printer software. The bugs felt accidental, and much of the code was irrelevant to the exploitation process, making it feel a lot more like a real-world target than a pwnable. RPISEC was the only solve for this challenge.

I found this challenge from TokyoWesterns CTF to be especially interesting and refreshing. The format is that of a standard Linux kernel challenge: we are provided with a kernel image, filesystem, and script to run everything under qemu. We have access to an unprivileged shell over ssh, and the flag is only readable by root. The author also provided source for the custom kernel module.

‘Didn’t touch, check the rules.’ [cit.]

tania.quals2019.oooverflow.io 5000

Files:
* tania

This challange was from the CSAW Qualification round this year. It consisted of a forum-like application on a webserver written almost entirely in SQL. It was solved by zap, negasora and Hawkheart