LYKNCTF 2026 pwn writeup — three binary exploitation challenges solved covering non-PIE ret2win, signed-integer length bypass with byte truncation, and off-by-one UAF chained into tcache poisoning, arbitrary read/write, and stack RIP overwrite

LYKNCTF 2026 Pwn Writeup: 3 Challenges Solved

LYKNCTF 2026’s pwn track is short but well-graduated: three challenges that climb from a textbook non-PIE ret2win with no canary, through a signed-integer length check that survives negation and byte truncation before it reaches read(), and up to an off-by-one UAF in a note manager that composes into heap-safe-linking leak, unsorted-bin libc leak, glibc 2.39 tcache poisoning, PIE recovery through a stack scan for a .rodata string pointer, notes-table hijack for arbitrary read/write, upper-stack dump, saved-RIP identification, and a system("/bin/sh") ROP chain, all one binary, one exploit run. ...

July 11, 2026 · 22 min · 4493 words · CyberSecurity Elite Team
TraceBash CTF 2026 pwn writeup — Banned Bytes badchars ROP and Legacy Ledger format-string %hn writes to stack shellcode

TraceBash CTF 2026 Pwn Writeup: 2 Challenges Solved

Third post in the TraceBash CTF 2026 series on this site. The earlier ones cover crypto (small-subgroup DH, shared RSA prime, harmonic XOR, 16-bit seed brute) and OSINT (geocaching pivot, Plus Codes, NYC DOB open data, cross-platform handle pivoting). This one walks the two pwn challenges in the same step-by-step format. ...

June 27, 2026 · 19 min · 3922 words · CyberSecurity Elite Team
HASBLCTF 2026 pwn writeup — all 5 binary exploitation challenges (baby-bufferoverflow, candy-store, baby-shellcoder, jumper, padawan-pwn)

HASBLCTF 2026 Pwn Writeup: All 5 Challenges Solved

Platform HASBL CTF 2026 Difficulty Mixed (Easy → Medium) OS Jeopardy — Pwn (Linux x86-64) Tags ret2win with movaps stack alignment, int16 signed overflow, mmap RWX shellcode injection, register-controlled jmp into pre-built gadget chain, classic ROP with SysV-ABI argument-register setup, pwntools payload construction, checksec mitigation analysis HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Pwn track — the five pwn challenges (baby-bufferoverflow, candy-store, baby-shellcoder, jumper, padawan-pwn) were all solved, and each one teaches a different beginner-to-intermediate binary-exploitation primitive: ret2win with the movaps 16-byte stack-alignment trap, a signed-vs-unsigned integer-width bug exploitable via menu interaction, direct shellcode execution on an mmap’d RWX page, a 7-byte shellcode budget that has to set rdx for a hard-coded jmp rdx into the binary’s own gadget chain, and a full ROP chain that loads three argument registers before calling a flag-printing function. ...

June 1, 2026 · 21 min · 4423 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap