Syst3m Failure

Research

Exploit Development, Pentesting, CTFs

CTF, Research

[corCTF 2022] CoRJail: From Null Byte Overflow To Docker Escape Exploiting poll_list Objects In The Linux Kernel

CoRJail is a kernel exploitation challenge designed for corCTF 2022. Players were asked to escape from a hardened Docker container with custom seccomp filters by exploiting an Off-By-Null vulnerability in a Linux Kernel Module …

Devil 17 August 2022 • 28 min read
Research

[CVE-2021-42008] Exploiting A 16-Year-Old Vulnerability In The Linux 6pack Driver

CVE-2021-42008 is a Slab-Out-Of-Bounds Write vulnerability in the Linux 6pack driver caused by a missing size validation check in the decode_data function. A malicious input from a process with CAP_NET_ADMIN capability can …

Devil 1 December 2021 • 34 min read
CTF, Research

[corCTF 2021] Wall Of Perdition: Utilizing msg_msg Objects For Arbitrary Read And Arbitrary Write In The Linux Kernel

Wall of Perdition is the second and harder part of a two-part series of kernel exploitation challenges designed by FizzBuzz101 and me for corCTF 2021. You can find the writeup for the first part, Fire of Salvation, on his …

Devil 27 August 2021 • 38 min read
Research

[CVE-2021-3156] Exploiting Sudo Heap Overflow On Debian 10

Recently the Qualys Research Team did an amazing job discovering a heap overflow vulnerability in Sudo. In the next sections, we will analyze the bug and write an exploit to gain root privileges on Debian 10.

Devil 8 February 2021 • 20 min read
Research

ret2dl_resolve x64: Exploiting Dynamic Linking Procedure In x64 ELF Binaries

In this article, we will start by analyzing the lazy binding process, proceed by dissecting dl-runtime to understand when this technique can be used without a leak, and finally build our exploit.

Devil 12 May 2020 • 22 min read
Copyright © 2023, Syst3m Failure, all rights reserved.