Writeup by: Zanderdk
Introduction
On the 2021-01-26 qualy released this article describing a “new” (actually 10 year old) bug in sudo that allows an attacker to do privilege escalation though a heap buffer overflow. Unfortunately they did not release exploit/POC so I decided to build one myself and failed. โฆ
Read MoreThe challenge is a simple HTML file with a keypad that allows you to input 4 digit pin. The file loads
main.jsand callsModule.ccall('validate')to check the pin.Upon beautifying the JS we see that it calls
run()which in turns runs:1 2 3 4 5preRun(); initRuntime(); // => __wasm_call_ctors => โฆ
Read More- Every year since 2017 the Danish National Cyber Crime Center (NC3) arranges a christmas CTF. 2020 was the first year where Kalmarunionen particpated and what a year! The challenges were released on November 27th and by the evening November 28th we managed to be the first team to solve all of them. It did not go down โฆ
Read More As a relatively new team based in Denmark, we are currently limiting our recruitment focus to experienced players either based in Denmark, or who otherwise have strong ties to Scandinavia, as well as those who are invited by current team members.
If you are interested in playing with Kalmarunionen, simply write us an โฆ
Read MoreKalmarunionen is a Capture The Flag (CTF) team within cybersecurity. We hack stuff and this is our website. Occasionally we also post writeups and tutorials on how we solved different cybersecurity challenges.
You can always check our world ranking here.
Read More- Kalmarunionen is the result of a lot of CTF teams uniting - primarily Danish. We have done this as it is hard to keep the commitment when being part of a small team of only a few players - the team is very vulnerable in case a single or two members decides to leave. With Kalmarunionen we intend on being a bigger team โฆ
Read More