pwnPromedium

bad_mood

grodno_new_year_2026

Task: Heap-based note manager binary with an off-by-one bug and an admin check function that compares a hash against itself. Solution: Ignored the red herring heap vulnerability and simply called the check_admin function (menu option 5), which always passes because admin_hash is computed from the same admin_key at startup.

$ ls tags/ techniques/

heap red_herring off_by_one logic_bug fnv1a

source_code_analysislogic_flaw_exploitation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pwn][Pro]Secrets— grodno_new_year_2026
[pwn][Pro]Name— grodno_new_year_2026
[pwn][Pro]New year party— grodno_new_year_2026
[pwn][Pro]Хранилище заметок (Notes Store)— hackerlab
[pwn][Pro]Taste— grodno_new_year_2026