<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Ctf on nobe4</title><link>https://nobe4.fr/tags/ctf/</link><description>Recent content in Ctf on nobe4</description><generator>Hugo</generator><language>en-us</language><copyright>&lt;a href="https://creativecommons.org/licenses/by-sa/4.0/"&gt;CC BY-SA&lt;/a&gt;</copyright><lastBuildDate>Sat, 27 Jun 2026 12:13:35 +0200</lastBuildDate><atom:link href="https://nobe4.fr/tags/ctf/index.xml" rel="self" type="application/rss+xml"/><item><title>Shellcode for/by a Newbie</title><link>https://nobe4.fr/posts/shellcode-for/by-a-newbie/</link><pubDate>Sat, 02 Sep 2017 00:00:00 +0000</pubDate><guid>https://nobe4.fr/posts/shellcode-for/by-a-newbie/</guid><description>&lt;p&gt;I wrote this blog post with a simple goal in mind: I never took the time to understand fully how a shellcode worked. I know about it, I know that it works, but I don&amp;rsquo;t know &lt;em&gt;how&lt;/em&gt;. So I made myself write this in order to finally grasp its logic. Ready? Let&amp;rsquo;s dig in!&lt;/p&gt;
&lt;p&gt;For this article I&amp;rsquo;m using a Ubuntu Trusty 32bits (with &lt;a href="https://www.vagrantup.com/"&gt;Vagrant&lt;/a&gt;).&lt;/p&gt;
&lt;h1 id="the-wrapper"&gt;The wrapper&lt;/h1&gt;
&lt;p&gt;In order to execute a shellcode, we&amp;rsquo;re going to use a simple wrapper, written in &lt;code&gt;C&lt;/code&gt;. Later in the blog post, I&amp;rsquo;ll assume that only &lt;code&gt;shellcode&lt;/code&gt; changes, so I&amp;rsquo;ll only reference it.&lt;/p&gt;</description></item><item><title>/dev/random: Pipe</title><link>https://nobe4.fr/posts/dev/random-pipe/</link><pubDate>Wed, 19 Oct 2016 00:00:00 +0000</pubDate><guid>https://nobe4.fr/posts/dev/random-pipe/</guid><description>&lt;p&gt;Writeup by &lt;a href="https://github.com/npny"&gt;npny&lt;/a&gt; and &lt;a href="https://github.com/nobe4"&gt;nobe4&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;Firstly, we run &lt;code&gt;nmap&lt;/code&gt; against the website, to discover that (among others), the ports 80 and 22 are open.&lt;/p&gt;
&lt;p&gt;&lt;code&gt;SSH&lt;/code&gt; doesn&amp;rsquo;t yield any results, and we try, without luck, a possible exploit against the used version.&lt;/p&gt;
&lt;p&gt;&lt;code&gt;HTTP&lt;/code&gt; is a lot more interesting:&lt;/p&gt;
&lt;p&gt;An HTTP password is asked when trying to access the main page. After a few random try on the different &lt;a href="https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods"&gt;&lt;code&gt;HTTP&lt;/code&gt; verbs&lt;/a&gt; we try to access the default &lt;code&gt;index.php&lt;/code&gt; file, which seems to have the same security. But, making a &lt;code&gt;POST&lt;/code&gt; request on the file returned a valid &lt;code&gt;HTML&lt;/code&gt; page. Nice!&lt;/p&gt;</description></item></channel></rss>