modprobe_path overwrite exploit after kernel commit fa1bdca98d74472dcdb79cb948b54f63b5886c04.
trigger modprobe using struct sockaddr_alg.
First ever kernel pwn!
No Hack No CTF 2025
CTF Conducted by team Iced Tea.
Placed top 19, solved 5/7 pwn challenges, and one really good web challenge.
Solves
Babyrop
Using strlen on binary data is the definition of insanity.
Limited inital ropchain => pivot stack to bss for unlimited control.
Xss Xss
From Text injection to open redirect using javascript: pseudo protocol for unrestricted XSS.
First major web solve since picoCTF.
Server_status Revenge
First time solving a race condition / shared memory CTF challenge.
Server_status
SUID Binary with relative path => recipie for disaster.
UN-INTENDED SOLVE, Notified organisers about it.