Infrastructure and tools built for the 4-week Pwn Adventure 3 hacking sessions for ComSec
- (Frida) Demangle Symbols
- Description: Map mangled symbols required by Frida to symbols seen in the Interactive Disassemblers.
- Author: @sharkmoos
- (Binary Patch) Running Speed:
- Description: Permanently increase running speed.
- Author: @sharkmoos
- (Binary Patch) Infinite Jump
- Description: Why have double jump when you can infinite jump!
- Author: @sharkmoos
- (Frida) Hook Magmarok Health
- Description: Have Magmarok boss's health displayed to a terminal every time you damage him. Useful for exploiting the integer overflow required to kill him
- Author: @sharkmoos
- (Frida) Teleporting
- Description: Utilising a teleport hack for a semi automated way to get all the golden eggs in Pwn adventure
- Author: @sharkmoos
- (Wireshark) Network Protocol Notes
- Description: Not actually a hack, but contains notes and a script on how I made progress reverse engineering and decoding the custom network protocol
- Author: @sharkmoos
The server is running with a hostname game.pwn3, so you'll need to add this to your /etc/hosts file with the IP of the server. For Windows, I think it's C:\Windows\System32\drivers\etc\hosts.
hash: db1e797da308f027c876c61786682f3b
Obviously things have progressed since PwnAdventure 3 first released. You may have noticed libssl.so.1.0.0 and libcrypto.so.1.0.0 are required but not available on the Ubuntu package manager now. To overcome this, you can do the following:
cd ./PwnAdventure3/PwnAdventure3/Binaries/Linux/
# download a valid one from http://security.ubuntu.com/ubuntu/pool/main/o/openssl1.0/
wget http://security.ubuntu.com/ubuntu/pool/main/o/openssl1.0/libssl1.0.0_1.0.2n-1ubuntu5.10_amd64.deb
dpkg-deb -xv libssl1.0.0_1.0.2n-1ubuntu5.10_amd64.deb .
cp ./usr/lib/x86_64-linux-gnu/* .
sudo ./PwnAdventure3-Linux-ShippingSome users have had trouble using their mouse in Pwn Adventure, the camera does't bind to the mousee. We have 2 solutions for this:
- If running in a VM, try enabling "optimise the mouse for games"
- On VMWare Workstation
edit -> preferences -> input -> optimise mouse for games = always
- On VMWare Workstation
- Rebind the Up and Down arrow keys to control the camera. We will post a valid file for this in the near future
There are three containers in the stack
postgres_database: The database container. Just uses alpine with postgres, no commands are run directly on this server, but holds volumes on/var/lib/postgresql/datafor data and/var/run/postgresqlfor connection socketspwn3_master: This one basically handles game data, so accounts, mission progress and all that stuff. This is the container that interacts with the database running onpostgres_database.pwn3_game: The actual game logic. It's currently set to handle 10 instances, I have no idea if there is a suggested limit beyond apart from the obvious requirements of the host server. This is the container the players should connect to directly