Forticlient VPN on GNU/Linux: Blank screen

Preamble

On a Debian GNU/Linux 11 Bullseye box, with the latest updates and with a working NVIDIA graphics card, the Forticlient GUI binary showed a blank-screen with no widgets in it:

The widget-rendering is not working

We did not have Forticlient source code, so we needed […]

UAM Futurama 3 parte 2 partial writeup: ROP contra servidor web sin LEAKS

Introducción

Primero de todo, este no es un write-up completo. Describiré mi exploit para lograr la flag en la segunda parte del reto de Futurama 3 de este mes de la UAM. Se considera el reversing del binario “carl” ya completado y las respectivas vulnerabilidades encontradas para provocar el Buffer Overflow.

[…]

Defeating an ELF32 binary with absolutely no leaks without using the ret2_dlresolve technique

The binary

I was presented with an ELF32 binary with the following protections:

ch77 protections

Disassembling the binary with r2, I quickly recognized a classic stack overflow by abusing the call to read:

There’s a buffer overflow in the read function.