> BGGP #3 (2022), Find loophole in any software

junyian
post Jun 19 2022, 08:44 AM

Casual
***
Junior Member
361 posts

Joined: Jan 2003


Interesting challenge. I joined their Discord out of curiosity and there are some really interesting conversations.

Someone managed to crash something and ended up with eip and edx set to 33333333.
junyian
post Jun 19 2022, 03:37 PM

QUOTE(FlierMate1 @ Jun 19 2022, 12:25 PM)
Hope to see your name in the final result of BGGP #3.

I guess Windows 11 is too strong to break; it is not easy to find a way to crash their apps.

Like @netspooky said, someone managed to crash a media player with a 1-byte file, but I already tried that before, with 0-byte or 1-byte DOCX, WAV and MP3 files; Microsoft's apps handle them very steadily and properly.

Looks like I must find a not-so-well-known app to crash. What do you think, @junyian and @angch?

I’m equally clueless. Haha. It’s not as if I purposely find apps to crash every now and then. When I first read the intro to the competition, my first thought was to browse CVEs. But man, even that is so tedious.
junyian
post Jul 3 2022, 05:48 PM

I finally found a crash target after a lot of browsing CVEs. It comes with a POC file too, so it saves me a lot of work. After a few nights of debugging and understanding the relevant code, I managed to reduce the file size a little bit. Now to try to control the crash and get PC 3333.
junyian
post Jul 6 2022, 06:22 PM

QUOTE(FlierMate1 @ Jul 4 2022, 07:02 PM)
All the best, hopefully you can make it crash at Program Counter 3 or 3333, which entitles you to bonus points.

I am not participating. I know practicing on a known bug is useful, but I want a new crash!

At least now I know what this group of security researchers is doing: tiny PE/ELF, polyglots, and white hat hacking.

junyian, make Malaysia proud. (BTW, they won't mention nationality)

I’ve never written exploits before, and this seems like a pretty hard buffer overflow to exploit (at least to the complete newbie that I am). I don’t think I can finish learning this by the deadline. Haha.