chal (2 MiB, 2024-04-10 03:03)
exploit (783 bytes, 2024-04-10 03:03)
dist.tar.xz (825 KiB, 2024-04-10 03:03)
README.mdx (968 bytes, 2024-04-10 03:03)

#baby-sandbox

How many different ways are there to make a syscall?

nc chal.amt.rs 1341

author: unvariant
category: pwn
points: 394
solves: 33
difficulty: easy

#solution

Use sysenter, which is an alternate legacy method of performing a syscall. The biggest issue that most players ran into was not setting a proper rbp value: sysenter only completes successfully if rbp is set to a readable address, along with the other arguments.
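From the sandbox author's side, the lesson is that `syscall` is not the only kernel-entry instruction to account for. The block below is an added example, not the challenge's or the author's code: a static byte scan that counts all three x86-64 kernel-entry encodings in a submitted buffer. It assumes the sandbox receives raw code bytes, which the page does not state; the function and sample names are hypothetical, and a static scan does not cover code generated at run time.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Two-byte x86-64 encodings that enter the kernel. A filter that only
 * lists `syscall` misses the other two. */
struct entry_op { const char *name; uint8_t b0, b1; };
static const struct entry_op ENTRY_OPS[] = {
    { "syscall",  0x0f, 0x05 },
    { "sysenter", 0x0f, 0x34 },
    { "int 0x80", 0xcd, 0x80 },
};
#define N_OPS 3

/* Scan every byte offset, not just instruction boundaries, so a pair
 * hidden inside another instruction's operand is reported as well.
 * Returns the total number of hits; per-encoding counts go to counts[]. */
size_t scan_entry_ops(const uint8_t *buf, size_t len, size_t counts[N_OPS])
{
    size_t total = 0;
    for (size_t k = 0; k < N_OPS; k++)
        counts[k] = 0;
    for (size_t i = 0; i + 1 < len; i++)
        for (size_t k = 0; k < N_OPS; k++)
            if (buf[i] == ENTRY_OPS[k].b0 && buf[i + 1] == ENTRY_OPS[k].b1) {
                counts[k]++;
                total++;
            }
    return total;
}

/* Constructed sample: mov eax, 0x3c ; sysenter ; nop */
static const uint8_t SAMPLE[] = { 0xb8, 0x3c, 0x00, 0x00, 0x00, 0x0f, 0x34, 0x90 };
/* Constructed sample: mov eax, 0x050f ; ret. The immediate holds 0f 05. */
static const uint8_t HIDDEN[] = { 0xb8, 0x0f, 0x05, 0x00, 0x00, 0xc3 };

int main(void)
{
    size_t counts[N_OPS];
    size_t total = scan_entry_ops(SAMPLE, sizeof SAMPLE, counts);
    printf("SAMPLE: %zu hit(s)\n", total);
    for (size_t k = 0; k < N_OPS; k++)
        printf("  %-8s %zu\n", ENTRY_OPS[k].name, counts[k]);
    total = scan_entry_ops(HIDDEN, sizeof HIDDEN, counts);
    printf("HIDDEN: %zu hit(s), syscall pairs: %zu\n", total, counts[0]);
    return 0;
}
```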

#unintendeds

#vector registers

I remembered to clear fs and gs registers this time but forgot to clear the vector registers...

#side channel

I was aware that my solution to perfect-sandbox from amateursctf-2023 would also work on this challenge but I was too lazy to patch lol.

#issues

sysenter only works in 64-bit mode on Intel processors, which caused debugging issues for some players.