HTB Cyber Apocalypse 2025 - Vault
Hardest pwn challenge of the CTF. A simple vulnerability led to a BOF, but the path to RCE was really interesting.
This is one of the first heap-related kernel challenges I solved, so this writeup could be inaccurate in some spots.
Interesting pwn challenge regarding the exploitation of a simple stack BOF.
Heap challenge with the goal of achieving arbitrary write to read the flag from the heap.
modprobe_path is a global variable that in most kernels is RW. This variable contains a path to an executable. Do you see where this is going..?
msg_msg is a really powerful and elastic kernel struct that can be abused to obtain strong primitives, such as arbitrary read/write/free.