How can we achieve control flow hijacking with arbitrary read / arbitrary write primitives when Pointer Authentication (PAC) is enabled?

All of the challenges will have a different kext.

Critical Note: The machines that you are working on are purely ephemeral and none of your data there is saved!

This means that you must, must, must, save your files / solution locally if you want them to persist.

You've been warned.

Also, you can only use ssh hacker@pwn.college to access the server; the Workspace and Desktop don't work.


Lectures and Reading


Challenges

Get the flag using the provided functionality.

Kext is in /Library/Extensions/IPwnKit.kext

Use log show to read the logs.

Get the flag using the provided functionality.

Kext is in /Library/Extensions/IPwnKit.kext

Use log show to read the logs.

Get the flag using the provided functionality.

Kext is in /Library/Extensions/IPwnKit.kext

Use log show to read the logs.

Get the flag using the provided functionality.

Kext is in /Library/Extensions/IPwnKit.kext

Use log show to read the logs.

