App - System

These challenges will help you understand applicative vulnerabilities.

Login credentials are provided for different challenge, the goal is to obtain additional rights by exploiting program’s weaknesses and get a password to validate challs on the portal.

Prerequisite:
– GDB.
– Knowledges in ASM.
– Knowledges in C language.

93 Challenges

Results	Name	Validations	Number of points ↓↑	Difficulty	Author	Note	Solution	Date
	ELF ARM64 - Multithreading	1% 21	140		franb		0	13 February 2023
	ELF x64 - Browser exploit - BitString	1% 40	135		pickle		0	15 December 2018
	ELF x64 - Blind ROP	1% 125	135		franb		1	10 March 2018
	ELF x64 - Advanced Heap Exploitation - Heap Leakless & Fortified	1% 62	135		nobodyisnobody		1	27 May 2021
	ELF x64 - Remote Heap buffer overflow 2	1% 153	130		Tosh , Fritz		1	1 July 2015
	ELF x64 - Seccomp Whitelist	1% 99	120		pickle		0	3 June 2017
	ELF ARM - Heap buffer overflow - Wilderness	1% 47	120		pickle		1	25 March 2017
	ELF ARM64 - Heap Underflow	1% 32	120		nobodyisnobody		0	13 February 2023
	ELF ARM - Heap Overflow	1% 64	120		pickle		1	2 April 2017
	ELF x86 - Blind ROP	1% 164	120		franb		0	9 October 2016
	LinKern x64 - Memory exploration	1% 152	120		franb		2	27 July 2016
	WinKern x64 - Advanced stack buffer overflow - ROP	1% 46	120		__syscall , Synacktiv		1	27 January 2020
	WinKern x64 - Use After Free	1% 34	120		__syscall , Synacktiv		0	27 January 2020
	LinKern x64 - SLUB off-by-one	1% 99	115		Tosh		2	9 May 2019
	LinKern x64 - RowHammer	1% 113	115		pickle		2	17 March 2019
	ELF x86 - Remote stack buffer overflow - Hardened	1% 207	115		franb		1	17 August 2016
	ELF x86 - Hardened binary 7	1% 287	115		Tosh		3	21 January 2013
	ELF x86 - Hardened binary 6	1% 342	115		sm0k		3	11 February 2012
	ELF x64 - Remote Heap buffer overflow 1	1% 197	115		Tosh		3	26 June 2015
	ELF x64 - Advanced blind format string exploitation	1% 11	115		nobodyisnobody		0	11 July 2024
	ELF ARM - Heap Off-by-One	1% 79	115		pickle		1	11 March 2017
	ELF x64 - Heap feng-shui	1% 99	110		laxa		2	4 August 2017
	ELF ARM - Format String bug	1% 105	110		pickle		2	14 March 2017
	ELF ARM - Use After Free	1% 118	110		pickle		0	22 March 2017
	ELF x64 - FILE structure hijacking	1% 70	110		voydstack		3	27 May 2021
	LinKern ARM - Stack Overflow	1% 79	110		pickle		0	24 July 2017
	ELF x64 - Off-by-one bug	1% 161	110		NeedToLearn		3	19 May 2016
	ELF x86 - Hardened binary 5	1% 362	110		sm0k		1	11 February 2012
	LinKern x86 - basic ROP	1% 310	110		franb		3	6 May 2016
	ELF ARM - Heap format string bug	1% 96	105		franb		1	3 June 2017
	ELF ARM - Alphanumeric shellcode	1% 52	100		pickle		2	16 March 2017
	ELF MIPS - URLEncoded Format String bug	1% 42	100		pickle		0	7 October 2018
	ELF x64 - Blind SROP	1% 25	100		s1m		0	28 December 2023
	ELF x64 - Heap Hop	1% 9	100		nobodyisnobody		0	11 July 2024
	ELF x86 - Hardened binary 1	1% 853	100		sm0k		3	11 February 2012
	ELF x86 - Hardened binary 2	1% 671	100		sm0k		3	11 February 2012
	ELF x86 - Hardened binary 3	1% 397	100		sm0k		1	11 February 2012
	ELF x86 - Hardened binary 4	1% 466	100		sm0k		2	11 February 2012
	LinKern MIPSel - Vulnerable ioctl	1% 76	100		pickle		0	23 October 2018
	LinKern x64 - reentrant code	1% 203	100		franb		2	1 March 2016
	LinKern x64 - Race condition	1% 375	95		franb		3	16 February 2016
	ELF x64 - Syscall chaining	1% 31	95		Njörd		1	11 July 2024
	LinKern x86 - Null pointer dereference	1% 552	90		franb		1	16 February 2016
	ELF x64 - Sigreturn Oriented Programming	1% 309	90		Arod		4	25 June 2015
	LinKern ARM - vulnerable syscall	1% 182	85		pickle		0	22 March 2017
	LinKern x86 - Buffer overflow basic 1	1% 584	85		franb		3	16 February 2016
	ELF x86 - Blind remote format string bug	1% 346	80		Lyes		2	8 June 2015
	ELF x64 - Remote heap buffer overflow - tcache	1% 323	80		franb		1	5 February 2017
	PE32+ Basic ROP	1% 79	75		Ech0		0	6 December 2019
	ELF x86 - Remote Format String bug	1% 1003	75		Tosh		2	6 February 2012
	ELF x86 - Remote BSS buffer overflow	1% 768	75		Tosh		1	6 February 2012
	ELF ARM - Race condition	1% 166	70		pickle		1	3 June 2017
	ELF x86 - Out of bounds attack - French Paradox	1% 143	70		sbrk		3	17 September 2017
	ELF x64 - ret2dl_init	1% 62	70		kikko		0	27 May 2021
	ELF x64 - Heap Safe-Linking Bypass	1% 94	70		nobodyisnobody		1	22 October 2021
	ELF x64 - Buggy VM	1% 85	70		NonStandardModel		0	10 June 2022
	ELF x64 - Browser exploit - Intro	1% 112	70		pickle		1	2 November 2018
	ELF x64 - File Structure Hacking	1% 119	65		nobodyisnobody		0	27 May 2021
	ELF x86 - Information leakage with Stack Smashing Protector	1% 957	60		Arod		2	20 May 2015
	ELF x64 - Heap Filling	1% 124	60		voydstack		0	27 May 2021
	ELF MIPS - Format String Glitch	1% 97	60		pickle , martin		1	21 October 2018
	ELF x64 - Stack buffer overflow - advanced	1% 1570	55		Arod		4	5 June 2015
	ELF x64 - Logic bug	1% 260	50		sbrk		3	8 July 2017
	ELF x86 - Stack buffer overflow basic 5	1% 1967	50		Lu33Y		1	8 February 2012
	ELF x86 - Stack buffer overflow - ret2dl_resolve	1% 438	50		kikko		4	28 February 2019
	ELF x86 - Stack buffer and integer overflow	1% 2071	50		Lu33Y		4	8 February 2012
	ELF x86 - Bug Hunting - Several issues	1% 143	50		sbrk		3	19 January 2018
	PE32+ Format string bug	1% 116	45		Ech0		1	3 December 2019
	ELF ARM - Basic ROP	1% 908	40		pickle		5	11 March 2017
	ELF MIPS - Basic ROP	1% 196	40		dagger		1	7 October 2018
	ELF x64 - Stack buffer overflow - Stack pivot	1% 143	40		spikeroot		0	11 July 2024
	ELF RISC-V - Intro - let’s do the ROP	1% 88	40		nobodyisnobody		1	13 February 2023
	ELF x86 - Stack buffer overflow - C++ vtables	1% 1005	40		sebbb		2	20 July 2015
	PE32 - Advanced stack buffer overflow	1% 269	35		Ech0		4	3 December 2019
	ELF x86 - Format String Bug Basic 3	1% 1424	35		Lyes		2	27 May 2015
	ELF x86 - BSS buffer overflow	2% 4425	30		Lu33Y		7	8 February 2012
	ELF x64 - Stack buffer overflow - PIE	1% 1266	30		HomardBoy		3	26 March 2021
	ELF ARM - Stack Spraying	1% 306	30		pickle		4	2 April 2017
	ELF x86 - Stack buffer overflow basic 4	1% 3091	30		Lu33Y		5	8 February 2012
	ELF x86 - Stack buffer overflow basic 6	1% 3295	30		TiWim		5	10 March 2016
	ELF x86 - Use After Free - basic	1% 2144	25		Esad		3	26 May 2019
	ELF x86 - Stack buffer overflow basic 3	2% 5448	25		Lyes		5	10 April 2015
	ELF x64 - Double free	1% 1171	25		Esad		2	23 March 2021
	ELF MIPS - Stack buffer overflow - No NX	1% 585	25		franb		2	28 September 2018
	ELF ARM - Stack buffer overflow - basic	1% 1475	25		pickle		7	9 March 2017
	ELF x86 - Race condition	2% 6754	20		Lu33Y		10	8 February 2012
	ELF x86 - Format string bug basic 2	2% 5365	20		Lyes		5	8 April 2015
	ELF x64 - Stack buffer overflow - basic	3% 8122	20		Arod		7	31 May 2015
	ELF x86 - Format string bug basic 1	3% 10526	15		Lu33Y		6	8 February 2012
	ELF x86 - Stack buffer overflow basic 2	5% 16886	10		Lyes		10	10 April 2015
	ELF x64 - Basic heap overflow	1% 2039	10		sourcePerrier		1	13 February 2023
	PE32 - Stack buffer overflow basic	1% 2430	10		Ech0		8	3 December 2019
	ELF x86 - Stack buffer overflow basic 1	7% 24508	5		Lyes		11	25 March 2015

Challenge Results

Pseudo	Challenge	Lang	Date
hack0408	ELF MIPS - Stack buffer overflow - No NX		25 February 2025 at 22:20
Fest	ELF x86 - Format string bug basic 2		25 February 2025 at 19:01
corpsfini	ELF x86 - Stack buffer overflow - C++ vtables		25 February 2025 at 18:57
WannaCry	ELF x86 - Hardened binary 2		25 February 2025 at 18:39
RamsesLeSecond	ELF x86 - Stack buffer overflow basic 3		25 February 2025 at 18:10
trocenni	ELF x86 - Stack buffer overflow basic 1		25 February 2025 at 17:35
Kantreer	ELF x86 - Stack buffer overflow basic 1		25 February 2025 at 17:16
avmmichel	ELF x86 - Stack buffer overflow basic 1		25 February 2025 at 17:14
AxFrancois	ELF x64 - Stack buffer overflow - basic		25 February 2025 at 16:47
A. Pinsard	ELF x64 - Stack buffer overflow - avancé		25 February 2025 at 15:53