This sounds funky: the point of REplay is literally to be banged in a million different directions and flipped inside out by reverse engineers. So what the hell do I mean by reporting a vulnerability?
This playground is flooded with more vulnerabilities than I actually threw in here. This is because the GUI was re-used and recycled for so many projects that it is just a base at this point. Because the original source code was just exploits for another game, gutted and flooded with vulns, I am sure somewhere along the way I made another flaw without realizing it.
So, if you find a vulnerability, it would be nice to report it.
Fuck no, in fact we will do the opposite.
Ideally, if you come across a flaw, I expect the flaw to be something related to binary exploitation, mainly because this playground is purely for reversing binary applications and leveraging flaws in the binary to expose other flaws in other portions of the applications (e.g. web servers, drivers, background processes, and more).
So the questions you would ask yourself when reporting flaws are:
- How will it benefit a user of the CTF? (I will explain this in the next page)
- How can I exploit this, and how did I exploit this?
- How does it make REplay stronger? (again explaining this in the next page)
- What is the impact of the vulnerability? How detrimental is it?
- How hard is this to exploit?
- What do you need to know to exploit this?
- Are there any references I can link to this?
- Can I document this process with screenshots and have enough to prove this?
This is a super weird set of questions, but there is a reason for this. That reason is:
{% content-ref url="the-goods-o_o.md" %}
[the-goods-o_o.md](the-goods-o_o.md)
{% endcontent-ref %}