rick2600@home:~$

  • Redis Heap Overflow In The cjson Library (CVE-2022-24834)

    Description: The team at Ricerca Security (@RicercaSec) discovered and successfully exploited an interesting vulnerability (CVE-2022-24834) in the Lua interpreter included with Redis. This vulnerability is a heap overflow in the cjson library, and a detailed writeup can be found here. We noticed some hard-coded offsets [2] [3], which might...

  • Bug Hunting In The Janet Language Interpreter

    Introduction: In UMassCTF-2021 I was introduced to an interesting project on a language called Janet. In this CTF we had two challenges to solve and the goal in both was to bypass some restrictions in a REPL environment. The full write-up about how I solved the challenges can be seen...

  • UMass CTF 2021 - replme [pwn]

    Competition: UMass CTF 2021. Challenge Name: replme. Type: pwn. Points: 500 pts. Description: "I found this new programming language and wanted people to be able to try it out. http://34.72.244.178:8085" I didn’t play the CTF, but the replme task caught my attention. The challenge was about exploiting the interpreter...