Write-up about the "Yet Another HR Management Framework" exploit challenge from the Ritsec CTF 2k18. Use After Free on a binary compiled from Go lang source code! #exploit pwntera.fr/write-up/2018/11/…
Take advantage of finding 🍏 iOS vulnerabilities while you can, in 30 years there won't be any.
Bootstrap your iOS research at #HEXACON2024 thanks to @0xdagger and Etienne Helluy-Lafont:
➡️hexacon.fr/trainer/meffre_he…
📆 30/09-03/10 2024
📍Espace Vinci, Rue des Jeuneurs, Paris
Of course, code execution could be reached by corrupting a JSFunction, but we just highlighted what we already had. We still had an HTMLTextAreaElement leak. This object can be used to leak a binary address and control RIP. The result would be the same with both objects, I think :-)
No need to dump the whole binary to get the password. The address of the password was on the stack. By the way, my goal was to get a shell and not to simply get the password / flag 😉
How to exploit a format string without having access to the binary on an AMD64 Linux system. (Blind format strings) Write-up on the "Bad-auth" SEC-IT challenge.
quentinmeffre.fr/write-up/20…