Official source && env && writeup:

https://github.com/kalmarunionenctf/kalmarctf-2023

Pwn:

hyper-k(hypervisor,pwn,hard):

It's all about infra and kalmar will be the new big cloud provider in town, Silicon Valley here we go, TO THE MOOON!
This chall is HARD (I think). It requires Intel VT-x, sorry if you're on AMD. We have special infra for this chall and we will do our best to assist you if shit breaks. If everything fails, contact zanderdk and we may be able to provide you with a private instance for a suitable region. Timeouts etc. should not be an issue, so contact us if you have such problems.
Best of luck, Zander

Hint: Wonder if vmcall instructions are of any danger, probably not, let's enable it
<https://i.imgur.com/e1YBgDD.png>

nc 130.61.225.80 1337

[handout.tar.gz](<https://kalmarc.tf/files/8594e6cf55c40afe92ca745911c334bf/handout.tar.gz?token=eyJ1c2VyX2lkIjo1MjgsInRlYW1faWQiOjE2LCJmaWxlX2lkIjo1NH0.ZAIq2g.-gy_arGWfnktMXEWAeInu1hGxv0>)
[kernel_module.zip](<https://kalmarc.tf/files/5fdbde8aa463645eb1f19dfb81cff517/kernel_module.zip?token=eyJ1c2VyX2lkIjo1MjgsInRlYW1faWQiOjE2LCJmaWxlX2lkIjo3Nn0.ZAOBwQ.EFD6UGrmFX5vcz-bFZGdBjq-CAk>)
[main.c](<https://kalmarc.tf/files/423f6227dd562b8caa28fc7a518468bb/main.c?token=eyJ1c2VyX2lkIjo1MjgsInRlYW1faWQiOjE2LCJmaWxlX2lkIjo3N30.ZAOBwQ.mCjLupP76-0g7C0o0uotd6gvubY>)

hyper-k.gz

kernel_module.zip

main.c

mjs(clone,pwn,warmup):

Toddler's first browser exploitation: <https://github.com/cesanta/mjs>

nc 54.93.211.13 10002

[mjs_handout.tar.gz](<https://kalmarc.tf/files/dec42aae0efd25c794e53dbfa9cd4b58/mjs_handout.tar.gz?token=eyJ1c2VyX2lkIjo1MjgsInRlYW1faWQiOjE2LCJmaWxlX2lkIjo1N30.ZAIrCg.XKMJuIExTnizF6Hg-dH2AisIrSI>)

mjs.tar.gz

Robber(pwn,rev,virtualization):

My friend Rob the robber sent me this file talking about this ground-breaking technique called rob?

nc 54.93.211.13 10004

[handout.tar.gz](<https://kalmarc.tf/files/b54c615a4729d7b69f3223ef754533ac/handout.tar.gz?token=eyJ1c2VyX2lkIjo1MjgsInRlYW1faWQiOjE2LCJmaWxlX2lkIjo1OH0.ZAIrQg.DxjXMyNryyHpMJGrQpJ61YbzPs4>)

Robber.gz

js in my bs:

Who doesn't need a JS engine in their boot sector? Am I right?
> a=1+1
> b=2+2
> l(a+b)
0006

There are multiple steps to the challenge, but the entire thing can be solved from within QEMU and does not require any mode switching.

nc 54.93.211.13 10000

[handout.tar.gz](<https://kalmarc.tf/files/04b8b31b95eaadc39222db373167f82f/handout.tar.gz?token=eyJ1c2VyX2lkIjo1MjgsInRlYW1faWQiOjE2LCJmaWxlX2lkIjo1NX0.ZAJNgw.ESI2T3N1XcK3-mgLg6fhsVFBuRQ>)