If any of you have played around with the Offensive Security certifications, then for sure you have discovered that they are quite creative and that the people administering them want to make you think by yourself with as little help as possible.
One of their courses, CTP (Cracking the Perimeter), even requires you to hack into a website, retrieve a code, decipher how to get a secret key and only then can you proceed with the registration which checks that you managed to fetch these values.
Without giving a way the challenge, I can only say that working with GDB is needed for the final tests and that I, being lazy, installed a plugin for it called GEF so that I could trace what happens with the registers and have the information visually displayed all the time.

Continue reading

Author's picture

Mihai Tanasescu

Network, Security, Servers, Openstack, Openshift. If there’s anything new and cool, then I like to learn about it. I’m also a fan of deep diving under the hood of a product to see what makes it tick, what leftovers from programming make it break and how it does its stuff.

SE @ Cisco