Sudo Exploit Writeup
Jan 29, 2021 sudoWriteup by: Zanderdk Introduction On the 2021-01-26 qualy released this article describing a “new” (actually 10 year old) bug in sudo that allows an attacker to do privilege escalation though a heap buffer overflow. Unfortunately they did not release exploit/POC so I decided to build one myself and failed. …
Read MoreBambooFox CTF: The Vault
Jan 18, 2021The Vault The challenge is a simple HTML file with a keypad that allows you to input 4 digit pin. The file loads main.js and calls Module.ccall('validate') to check the pin. Upon beautifying the JS we see that it calls run() which in turns runs: preRun(); initRuntime(); // => __wasm_call_ctors => …
Read More