In this writeup, I will share how I solved "Pycomment" from KalmarCTF 2025. It was one of the tougher pyjails this year and makes use of two really unique ideas.
Thanks for the challenge, @ChattyPlatinumCool 😛
Can you please help us comment our code? And please don't attack us.
import sys
import os
NOP = 0x90
offsets_and_values = {
0x000035FE: 0x01,
0x0000361D: 0x95,
0x0000361E: 0x9E,
0x0000361F: 0x57,
| // for sample https://malshare.com/sample.php?action=detail&hash=20946142795ea4b9fafad9a279e5da0e2f491f567380d7f37570d451f3aa6b8f | |
| bc | |
| bphwc | |
| bp WriteProcessMemory | |
| run | |
| bc | |
| mov $payload,[esp+c] | |
| // calc size of dump area |
hi, i'm daniel. i'm a 15-year-old with some programming experience and i do a little bug hunting in my free time. here's the insane story of how I found a single bug that affected over half of all Fortune 500 companies:
If you've spent some time online, you’ve probably come across Zendesk.
Zendesk is a customer service tool used by some of the world’s top companies. It’s easy to set up: you link it to your company’s support email (like [email protected]), and Zendesk starts managing incoming emails and creating tickets. You can handle these tickets yourself or have a support team do it for you. Zendesk is a billion-dollar company, trusted by big names like Cloudflare.
Personally, I’ve always found it surprising that these massive companies, worth billions, rely on third-party tools like Zendesk instead of building their own in-house ticketing systems.
| This issue occurred in the recently updated version of "com.android.art". |
Inspired by https://infosec.exchange/@jjtech/112612685494089718
Reboot into Recovery OS + Disable SIP
csrutil disable
This is a living document. Everything in this document is made in good faith of being accurate, but like I just said; we don't yet know everything about what's going on.
Update: I've disabled comments as of 2025-01-26 to avoid everyone having notifications for something a year on if someone wants to suggest a correction. Folks are free to email to suggest corrections still, of course.
| #!/usr/bin/env python3 | |
| import usb.core | |
| import struct | |
| from collections import namedtuple | |
| APPLE_VID = 0x05ac | |
| Target = namedtuple("Target", ["vid", "pid", "name", "model", "total_size"]) |
| ''' | |
| IDA plugin to display the calls and strings referenced by a function as hints. | |
| Installation: put this file in your %IDADIR%/plugins/ directory. | |
| Author: Willi Ballenthin <[email protected]> | |
| Licence: Apache 2.0 | |
| ''' | |
| import idc | |
| import idaapi | |
| import idautils |