VirSecCon CTF
(Binary_exploitation) Buff The Barque
As the challenge description said, it will be a buffer overflow exploit.
After downloading the challenge, we run it:
As we see here, it just takes input and exits, so let's send a lot of junk and see if there is a segfault:
And voilà!! Let's fire up gdb and see where the segfault gets reflected:
As we can see, we can control the instruction pointer after 76 bytes of junk:
Let's disassemble the ELF to see where we should jump:
As we can see from the code flow, it just prints some lines, then jumps to a vuln function that takes our input through gets(). gets() is known not to take a length parameter: it doesn't know how large your input buffer is, so if you pass in a 10-character buffer and the user enters 100 characters, it will accept them.
fgets is a safer alternative to gets because it takes the buffer length as a parameter.
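To make the gets/fgets point concrete, here is an added example (not the challenge binary's source and not from the writeup): the unbounded gets() pattern is shown in a comment, and beside it a bounded reader built on fgets() that always NUL-terminates, strips the newline and drains the rest of an over-long line so the next read starts cleanly. The names read_line_bounded and demo_overlong_input, the 64-byte BUF_SIZE and the constructed 200-byte input are illustrative choices; the challenge's real buffer size is not stated on the page.

```c
#define _POSIX_C_SOURCE 200809L  /* for fmemopen(3), used only to build an in-memory test stream */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64  /* illustrative size; the challenge's real buffer size is not on the page */

/*
 * The vulnerable shape the writeup describes, kept as a comment only
 * (gets() was removed from C11 and should not be compiled):
 *
 *     void vuln(void) {
 *         char buf[BUF_SIZE];
 *         gets(buf);   // no length argument: bytes past BUF_SIZE overwrite
 *     }                // adjacent stack data, including the saved return address
 */

/* Hardened replacement: store at most cap-1 bytes in dst, always NUL-terminate,
 * strip the trailing newline, and discard any excess so the following read
 * begins on a fresh line. Returns the number of bytes stored, or -1 on
 * EOF/error when nothing was read. */
int read_line_bounded(char *dst, size_t cap, FILE *in) {
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL) {
        if (cap > 0) dst[0] = '\0';
        return -1;
    }
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';
    } else {
        /* the line was longer than the buffer: drain the remainder */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n') { }
    }
    return (int)len;
}

/* Feed a constructed over-long line (200 'A's, like the junk sent to the
 * challenge) through the bounded reader and report how many bytes actually
 * landed in the 64-byte buffer; also checks that the next line is read intact. */
int demo_overlong_input(void) {
    char junk[201];
    memset(junk, 'A', 200);
    junk[200] = '\0';
    char stream_text[260];
    snprintf(stream_text, sizeof stream_text, "%s\nsecond line\n", junk);
    FILE *in = fmemopen(stream_text, strlen(stream_text), "r");
    if (!in) return -1;

    char buf[BUF_SIZE];
    int stored = read_line_bounded(buf, sizeof buf, in);

    char next[BUF_SIZE];
    int next_len = read_line_bounded(next, sizeof next, in);
    fclose(in);

    if (next_len != 11 || strcmp(next, "second line") != 0) return -2;
    return stored;  /* BUF_SIZE - 1 = 63, never 200 */
}

int main(void) {
    printf("bytes stored from a 200-byte line: %d (buffer holds %d)\n",
           demo_overlong_input(), BUF_SIZE);
    return 0;
}
```

The drain loop matters in practice: fgets alone leaves the unread tail of a long line in the stream, so a program that reads again would receive the leftover junk as its next "line".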
Anyway, we now need to jump to a get_flag function, whose address we can get through readelf:
Now here is our final exploit; here I used the pwntools library:
And gotcha!!! We got the flag:
LLS{if_only_eagle_would_buffer_overflow}
Thanks for reading :)
Feedback is appreciated.