Nuno Sabino

Results 7 issues of Nuno Sabino

Is it possible to use one_gadget on a normal binary? Sometimes in CTFs there are calls to execve("/bin/sh") somewhere in user code. One hackish way I found to make one_gadget...

help wanted
feature

This fixes memory and `invalid string length` errors in JSON.stringify when dumping the CG as a JSON. Adapted this solution: https://dev.to/madhunimmo/json-stringify-rangeerror-invalid-string-length-3977 as it fits very well in our use case,...

Shouldn't `void cgc__terminate(unsigned int status)` in libcgc actually receive a normal `int`? Some of the challenges return a negative status.

Hello. In the WhackJack challenge, in the service.c file, we can see that a `playerInfoType players[MAX_PLAYERS]` is declared, but this vector (and consequently the `player_name` attribute of each player) is...

There are 11 packages that seem to me to be mislabeled. You can collect them by doing `grep -r "expect({}.polluted).toBe(undefined);"` on the `code-injection` folder. Instead of arbitrary code execution, the...

enhancement

In the file `sink_locations_ace_breakout.txt` we can read the following line: `is-my-json-valid_2.20.0 > index.js:172:21` But after downloading the package, that line does not contain any sink call: ```JavaScript 168. } else...

This could be exploited to prevent a team from collecting flags from exploit outputs in one round, as long as a maliciously modified service is attacked on that round.