Saarsec

saarsec

Schwenk and pwn
Page 2 of 10

CInsects 19 WriteUp bufcore

18.07.2019 by Johannes

Bufcore was a binary service written for a custom CPU that implemented a password protected key-value store. As already suggested by the service name, bufcore suffered from a buffer overflow vulnerability that enabled attackers to read other users’ secret without knowing their password.

Read more

ENOWARS 3 WriteUp scavengepad

17.07.2019 by Jonas Cirotzki. Kudos to Markus for writing the exploit code.

ScavengePad was a C# service at ENOWARS 3. It was an ASP.NET-based app which allowed users to create projects containing tasks and track their progress. Projects and tasks could be enriched with markdown descriptions.

Read more

ENOWARS 3 WriteUp telescopy

16.07.2019 by alfink and Daniel Weber

Telescopy was a HTTP service written in Python which models an interface for storing information about planets.

Read more