Hacking TMNF: Part 2 - Exploiting a blind format string
Following up on the previous post, we will triage a crash to find the cause of a blind format string bug. We’ll take this bug from annoying crash all the way to RCE with a few neat tricks.
The first of a two-part series. This part will cover how I set up a grammar fuzzer with LibAFL and Nautilus in order to fuzz the game server for Trackmania Nations Forever.
This writeup explains how to reverse engineer the security patch and craft an exploit for CVE-2021-22204, without any real Perl knowledge.