Pwn



Challenges

Description:

A simple buffer overflow with a twist. Be quick to run your exploit — /flag is removed five minutes after the challenge starts!

Author: hubertf

Connect with SSH

Link your SSH key, then connect with: ssh [email protected]

Description:

You have fallen into Dio's trap. Can you still beat him with your stand?

Author: Ron #world's No2 AI hater

DECLASSIFICATION ARCHIVE // CASE FILE: ██████-███

WARNING: DATA SUBJECT TO THE STATE SECRETS ACT OF ████


DECLASSIFICATION PROJECT: P.U.M.P.R

The document below was recovered during the midnight raid on the ███████████████ central repository. This is the final blueprint regarding their volatile storage infrastructure before the facility went dark.


CLASSIFICATION: TOP SECRET // SCI // SAP // NOFORN

CATEGORY: KERNEL, MICROARCH, PWN
AUTHOR: FLUFFY

DECLASSIFIED OPERATIONAL INTEL

Our analysts are still debating whether █████████.ko was engineered by a rogue ██████, or if it was literally coded by an actual fox walking across a keyboard. The module's implementation is a bizarre mix of custom optimizations and completely wild memory management choices that defies all standard sanity.

The module provisions a high-speed RAM disk mounted at ███████████. While the filesystem itself acts as a decoy or secondary storage, the primary target, the root-restricted ████ file, remains securely locked down by standard system permissions that your current ████████████ context cannot access.

To protect its ████████ ██████████ from tampering, the architect built a paranoid defense mechanism directly into the driver. Every critical kernel pointer is cryptographically ██████ and ██████ before use. If you try to overwrite a control structure without the correct cryptographic signature, the ██████ will immediately panic.

Your objective is to probe the █████████ of █████████, and analyze how it handles data allocation, manages its signed pointer tags, and isolates its physical memory boundaries. You must orchestrate a low-level memory exploit to compromise the kernel space, forge the necessary authenticated pointers to escalate your privileges, and read the ████.

Your secondary objective is to look for any definitive proof in the kernel memory space confirming whether the ██████ is, in fact, an actual fox.

Be advised: the environment is highly unstable. Triggering an unhandled exception or a kernel warning will instantly scrub the RAM disk, destroying the environment.
