I removed an unintended bug, updated my exploit to RS4 and brought my elgoog challenge from 34c3ctf back to life for WCTF. @j00ru managed to solve it without the intended pool metadata corruption, nice
Replying to @_niklasb
Cool task! I'm curious about the metadata corruption, shall we exchange some more detailed write-ups/exploits? ;)
1 reply 1 retweet 3 likes
Replying to @j00ru
We can absolutely, just didn’t want to publish much so far because I knew I might reuse it
1 reply 0 retweets 1 like
Replying to @_niklasb
Great, I'll clean up the code a bit and let you know
1 reply 0 retweets 3 likes
Replying to @j00ru
I dumped my own exploit (& sources) at https://github.com/niklasb/elgoog/ , but that's only some short comments in the exploit code so far. I'm just overwriting PrevSize, but it's quite painful to get the right data into the chunks under the constraints given by the driver.
2 replies 9 retweets 32 likes
Replying to @_niklasb
By the way, I was curious -- any specific reason for changing the limit for "needed" at https://github.com/niklasb/elgoog/blob/master/searchme/index.c#L271 from 0x10000000 to 0x10000 between elgoog and searchme? I think this was the only other change except the added "compressed" flag check.
1 reply 0 retweets 2 likes
Replying to @j00ru
No, I don't even remember changing that. I might have just added some random restrictions to make it harder, WCTF after all :>
1 reply 0 retweets 1 like