battleoverflow battleoverflow

Description: This permissions scanner is a project I created back in April 2022 and has helped tremendously in CTFs and other situations that require me to locate all files and directories accessible by the currently logged in user. This script will be useable on both Windows and Linux. This project uses an octal pattern to search the Linux filesystem and a username pattern for Windows. *This is not a Python educational blog post.

Description: A local privilege escalation vulnerability was found on polkit’s pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn’t handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it’ll induce pkexec to execute arbitrary code.

Description: Universal CTF is a project I started to help improve CTF experiences for beginners and speed up gathering results for veterans. Thanks to Universal CTF, you will no longer have to type out long commands over and over again, now you have a beautiful terminal based program to handle it all for you! You can view the project this blog post is based on here: https://github.com/battleoverflow/universal-ctf Welcome to a short blog post about a new program I wrote in Python to help those getting into CTFs in a more beginner-friendly way.