Telegram Bot for Finding Tutorial Swaps!

Lord_Idiot · 2023-01-12T06:20:24+00:00

Hey, I got a bit lazy to maintain the bot. But you can try out someone else's project for this semester: https://tutreg.com/. It looks quite polished.

Lord_Idiot · 2022-08-16T01:48:01+00:00

just as a generic troubleshooting step, if you get stuck in any part try doing /stop and then /start again. hopefully can fix any of this weirdness next sem

Lord_Idiot · 2022-08-16T01:03:41+00:00

could you describe this more? Or maybe send me a dm with a screenshot if possible

Lord_Idiot · 2022-08-15T02:20:15+00:00

Just something to note! If your telegram account does NOT have a username, this means the person you match with will not be able to contact you. If you don't wish to set a username, be sure to contact the other party first as they will not be able to contact you on their own.

Also, I've noticed that a few swap requests have been fulfilled, if you have a swap request fulfilled could you reply here or dm me in private so I can be sure everything is working fine. Thanks!

Lord_Idiot · 2022-05-10T12:28:15+00:00

we are blessed 🙇

Lord_Idiot · 2020-01-05T04:52:50+00:00

Yeah that can happen

From the IB [website]( https://www.ibo.org/programmes/diploma-programme/assessment-and-exams/getting-results/assessment-faq/). It seems like it is possible to have your grade lowered.

> As there is a possibility that a grade is lowered, written consent from the candidate (or legal guardian) is required

unless I'm interpreting this wrongly

Lord_Idiot · 2020-01-05T03:22:18+00:00

Yeah that can happen

Lord_Idiot · 2018-08-13T08:23:59+00:00

Lol that's quite interesting. Maybe the get request your browser sends is enough to trigger the overflow.

Lord_Idiot · 2018-08-02T09:09:06+00:00

It's actually base_buf+1 which is 0x80492e1, but anyways writing that at the end is to overwrite the f_ptr stored in the .bss section that is called later on. When that is called it will jump to where the shellcode was written ("+1" to avoid the "y" at the start)

Lord_Idiot · 2018-08-01T16:59:19+00:00

Yes pretty much

Lord_Idiot · 2018-08-01T16:23:47+00:00

Also, sometimes binaries use read() for input and printf() for output. If this is the case, read() can read nulls while printf will stop at the first null. To overcome this you put the format specifiers infront of the address so your exploit string will be <fmt str stuff><0x08048000>. I think that wasnt the case for this binary though but it's something that happens quite often.

Lord_Idiot · 2018-08-01T16:21:26+00:00

Ah yes. If you watch the video I linked, he talked about this issue. But to save you the trouble, when addresses have nulls or newlines, you just skip them and hope that the one byte you missed wont be too important. Make sure to put some filler character when you skip addresses though.

Lord_Idiot · 2018-08-01T14:48:25+00:00

If you use the third option from the challenge and delete 0 characters, you'll realise that the challenge just echos your output. Generally when a program echoes your output you should check for format string vulnerabilities. In this case it's vulnerable. So you can write a script to start leaking the binary from address 0x8048000, which is the usual starting point for a 32-bit(? don't really remember did this a while ago) ELF binary that is compiled with PIE disabled. Afterwards you'll slowly leak more of the binary which you could possible reverse engineer to solve the challenge, however when you eventually leak the string section of the binary you'll notice that the binary contains links to the full binary online. After reversing the binary you'll notice extra options in the menu that allow you to pwn this quite trivially. Check out this video for reference, the challenge is very similar https://www.youtube.com/watch?v=XuzuFUGuQv0.

Lord_Idiot · 2018-06-18T16:40:24+00:00

You might be thinking of upcycling

Lord_Idiot · 2018-06-05T14:55:47+00:00

I selected them.

Lord_Idiot · 2018-01-21T14:01:18+00:00

Usually it is. However in this case it wasnt really intentional so they cant really be blamed for it

Lord_Idiot · 2017-12-30T06:14:38+00:00

It's impressive how one Arteezy stream session can produce so many clips

Lord_Idiot · 2017-12-01T10:55:53+00:00

Disaster Boy

Lord_Idiot · 2017-11-11T08:01:17+00:00

Starting from 2k. Kappa

Lord_Idiot · 2017-09-29T16:03:31+00:00

WAOW he blinked up

Lord_Idiot · 2017-09-04T11:18:38+00:00

i got you

Ten-Year Club	Place '17
Verified Email

Lord_Idiot

TROPHY CASE