#pwn

12 writeups

Overview
K17 CTF · 2025
Binary Exploitation

category: reversing (with a light pwn twist)

#pwn #ghidra #pwntools
CTF Write-up — abnormaleak (Format String + Stack Leak)
Hackthebooctf · 2025
Binary Exploitation

Binary: abnormaleak (ELF 64-bit, x86-64, dynamically linked, not stripped)

#pwn #format-string
Midnight Relay - BITSCTF Pwn Writeup
BITS CTF · 2025
Binary Exploitation

---

#pwn #rop #heap #crypto
CTF Write-up — Mauryan Royal Archive (Format String → Flip Globals → Print Flag)
H7 CTF · 2025
Binary Exploitation

- **Category:** Pwn / Binary Exploitation - **Difficulty:** Medium - **Binary:** `imperial_archive` (ELF 32-bit, i386, dynamically linked, not stripped) - **Protections:** NX, Part

#pwn #format-string
Writeup — PointerOverflow CTF: A Micromachine (exploit / writeup)
Pointeroverflowctf · 2025
Binary Exploitation

**Challenge:** A Micromachine — read-only device/OTP/flag combined challenge (web / queuer helper). **Target:** get `/app/public/playlist.txt` to contain `/flag/flag.txt` content.

#pwn #crypto
Echo
Srdnlenctf · 2025
Binary Exploitation

`Echo` is a small remote pwn challenge:

#pwn #format-string #rop #pwntools
bss-bof writeup
TKB CTF · 2025
Binary Exploitation

The exploit is the same core idea as `stack-bof`: the useful bug is not the final `gets()` alone, but the pair:

#pwn #fsop #docker
Very Simple FSB Writeup
TKB CTF · 2025
Binary Exploitation

- Name: `Very Simple FSB` - Category: `pwn` - Remote: `35.194.108.145:13840`

#pwn #format-string
stack-bof writeup
TKB CTF · 2025
Binary Exploitation

The bug is not the final `gets()` by itself. The real primitive is:

#pwn #rop #fsop #docker
Favorite Potato — REV CTF Writeup
B01lersctf · 2025
Binary Exploitation

**Flag:** `bctf{Nev3r_underst00d_why_we_n33d_TSX_and_TXS_unt1l_n0w..:D}`

#pwn #crypto
priority-queue writeup
B01lersctf · 2025
Binary Exploitation

Source first:

#pwn #heap
spelling-bee writeup
B01lersctf · 2025
Binary Exploitation

The bug is a use-after-free in the Forth dictionary.

#pwn #heap