Sometimes a coder, no matter how experienced, makes an incredibly novice mistake. These mistakes commonly find their way into finished software and can be exploited by users to make the program do things that were not intended. Sometimes these result in funny glitches that make interesting YouTube videos; sometimes it's far more serious and results in the ability for a user or an attacker to gain root or administrator access to a system.
Deal me into a hand of Blackjack
Our second foray into pwnable.kr takes us into a Blackjack script written by a student named Vladislav Shulman on the C Programming forums. The program does as you’d expect, allowing players to bet from a limited purse and playing a random game of Blackjack (21). Our challenge to get the flag: earn ourselves a million dollars at this fake casino table. Of course, you could play this the intended way… but then why would you be here?
Getting Started with Pwnable.kr
This post is the first in a series about pwnable.kr, an online CTF open to anyone who’d like to try their hand at the challenges it provides. As with many CTFs, if this is your first or you’re new to the concepts that it relies on, the challenges can seem quite daunting. Through this series we’re going to try to cover not only the solutions, but why they work, and where you can find more information regarding each.