VirSecCon CTF

Mohamed Ayad
2 min read, Apr 4, 2020


(Binary_exploitation) Buff The Barque

As the challenge description says, this will be a buffer overflow exploit.

After downloading the challenge, we run it:

As we can see, it just takes input and exits, so let's feed it a lot of junk and see whether it segfaults:

And voila!! Let's fire up gdb and see where the segfault shows up:

As we can see, we control the instruction pointer after 76 bytes of junk:

Let's disassemble the ELF to see where we should jump:

As we can see from the code flow, it just prints some lines and then calls a vulnerable function that reads our input through gets. gets is known to take no length parameter: it doesn't know how large your input buffer is. If you pass in a 10-character buffer and the user enters 100 characters, it will accept them all and write past the end of the buffer.

fgets is a safer alternative to gets because it takes the buffer length as a parameter and stops reading at that limit.
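To make the gets versus fgets point concrete, here is an added example (my own code, not the challenge binary's): a bounded line reader built on fgets, plus a constructed stand-in for a stack frame with sentinel bytes around a 16-byte buffer, so you can check that a 100-character line is truncated instead of spilling into what would be the saved registers and return address. The buffer size, sentinel value and the `read_line_bounded` / `sentinels_intact` names are my assumptions.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <stdio.h>
#include <string.h>
#define BUF_CAP  16               /* assumed buffer size, not the binary's */
#define SENTINEL 0xAA             /* assumed sentinel byte */
typedef struct {
    size_t len;     /* characters stored in buf, newline removed */
    int truncated;  /* 1 if the line was longer than the buffer could hold */
} line_result;
/* Bounded replacement for a gets() call: fgets() stops at cap-1 characters,
 * and the rest of an over-long line is drained rather than written past buf. */
line_result read_line_bounded(char *buf, size_t cap, FILE *in)
{
    line_result r = {0, 0};
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL) {
        if (cap) buf[0] = '\0';
        return r;
    }
    r.len = strlen(buf);
    if (r.len > 0 && buf[r.len - 1] == '\n') {
        buf[--r.len] = '\0';               /* complete line: strip newline */
    } else {                               /* buffer filled: drain the excess */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            r.truncated = 1;
    }
    return r;
}
/* Constructed stand-in for a stack frame: sentinels bracket the buffer. */
typedef struct {
    unsigned char before[8];
    char          buf[BUF_CAP];
    unsigned char after[8];
} frame_t;
/* Feed a constructed input line through read_line_bounded() and report
 * whether both sentinel regions survived: 1 intact, 0 clobbered, -1 error. */
int sentinels_intact(const char *input, line_result *res)
{
    frame_t f;
    memset(&f, SENTINEL, sizeof f);
    FILE *in = fmemopen((void *)input, strlen(input), "r");
    if (in == NULL) return -1;
    *res = read_line_bounded(f.buf, BUF_CAP, in);
    fclose(in);
    for (size_t i = 0; i < sizeof f.before; i++)
        if (f.before[i] != SENTINEL || f.after[i] != SENTINEL) return 0;
    return 1;
}
```

With the same layout, an unbounded gets-style read of the 100-character line would overwrite the `after` sentinels, which is exactly the behaviour the challenge relies on.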

Anyway, we now need to jump to the get_flag function, whose address we can get through readelf:

Here is our final exploit; I used the pwntools library:

And gotcha!!! We got the flag:

LLS{if_only_eagle_would_buffer_overflow}

Thanks for reading :)

Feedback is appreciated.
