2025 TRX CTF - /dev/mem - part 2
2025-05-19 6 words 1 min

2025 TRX CTF - /dev/mem - part 2

Here's something encrypted, password is required to continue reading.
XHLJ 2021-easykernel - writeup
2025-05-14 3.2k words 16 mins

XHLJ 2021-easykernel - writeup

XHLJ 2021-easykernel - writeup Author : 堇姬 Naup analyze一樣的題目給了三個文件 12345naup96321@naup96321-virtual-machine:~/Desktop/ekernel$ tree.├── bzImage├── rootfs.img.gz└── start.sh 先解包 file system 123mkdir -p sysfilegunzip rootfs.img.gzcpio -idmv -D sysfile < rootfs.img 順便寫 pack.sh 打包 1find . | cpio -
San Diego CTF 2025 - all pwn challenge
2025-05-12 1.2k words 7 mins

San Diego CTF 2025 - all pwn challenge

San Diego CTF 2025 - all pwn challenge Author: 堇姬 Naup PrefaceThis CTF play with Bing Chilling AcademiesThis CTF’s pwn is so easy, I just spend an hour and a half to solve all pwn challenge. But I still recorded it We got rank 9. Shellphone It let you input shellcode (shellcode need to < 0x19
Linux Kernel - Traversal of CPU and physical memory management
2025-04-18 6 words 1 min

Linux Kernel - Traversal of CPU and physical memory management

Here's something encrypted, password is required to continue reading.
2025 TRX CTF - /dev/mem
2025-04-11 6.5k words 33 mins

2025 TRX CTF - /dev/mem

2025 TRX CTF - /dev/mem Author : 堇姬 Naup 前置123mkdir -p sysfilegunzip initramfs.cpio.gzcpio -idmv -D sysfile < initramfs.cpio 把 cpio 解壓後,先把 pack.sh 寫好 之後來修 run.sh 123456789101112131415161718192021222324252627282930313233naup@naup-virtual-machine:~/Desktop/pwn/devmem$ cat run.sh #!/bin/
Linux Kernel - EoP by modprobe & 2021 3kCTF echo nerf
2025-04-04 1.7k words 9 mins

Linux Kernel - EoP by modprobe & 2021 3kCTF echo nerf

Linux Kernel - EoP by modprobe & 2021 3kCTF echo nerf Author: 堇姬Naup 前言一個酷酷的 kernel pwn 萬解 www 調用鏈當你去執行一個檔案時會有以下調用鏈 do_execve第一步去 call do_execvehttps://elixir.bootlin.com/linux/v6.13.7/source/fs/exec.c#L2040 12345678static int do_execve(struct filename *filename, const char __user *const __user
Windows Kernel exploitation - Part 1
2025-04-02 8.8k words 46 mins

Windows Kernel exploitation - Part 1

Windows Kernel exploitation - Part 1 Author: 堇姬Naup What is Kernelkernel位於application和hardware之間,是OS的core也負責溝通hadware和process負責了像是I/O、process、memory、driver managemet或是syscall 等事情 kernel也提供了可以跑application的環境application是run在ring3,而kernel則是ring0 123456789101112131415 +------------------
AIS3 EOF Final 2025 - Record
2025-03-27 2k words 10 mins

AIS3 EOF Final 2025 - Record

AIS3 EOF Final 2025 - Record Author: 堇姬Naup 前言 Team: CakeisTheFakeRank: r.k.2 & 炸彈超人獎 遲來的 EOF 心得 www 先感謝 CakeisTheFake 的所有隊友,一起奮戰了兩天,這邊簡單記錄這次比賽 Day 1一開始先釋出了 BOMBE、game 兩題 KoH先來說說 BOMBE每隊都要上傳 malware 及 EDRmalware 要做三件事 從 /home/bogay1450/.ssh/id_ed25519 檔案內容取得 flag 從 proc
Pwnable.tw - printable
2025-03-22 6 words 1 min

Pwnable.tw - printable

Here's something encrypted, password is required to continue reading.
AlpacaHack Round 6 (Pwn) - writeup
2025-03-06 1.1k words 5 mins

AlpacaHack Round 6 (Pwn) - writeup

AlpacaHack Round 6 (Pwn) - writeup Author: 堇姬Naup 最近看到來賽後挑戰一下,除了第三題外都有打出來簡單記錄一下 inboundoob 寫 GOT 成 win function 1234567891011121314151617181920212223from pwn import *r=process("./inbound")r=remote("34.170.146.252", 39404)win = 0x4011d6debug = input("(Y/N)")if debug ==