CrossCTF_2018: Real Baby Pwnable

Category: Pwn
Points: 831
Description:

This is an actual baby pwn challenge.
nc ctf.pwn.sg 1500
Creator - amon (@nn_amon)
realbabypwn

Write-up

A step up from the classic buffer overflow, this challenge adds stack canaries (cookies) to the mix. Thankfully, we can easily leak the value of the stack canary and write it back. Without ASLR, we can then simply overwrite the saved return address with our goal address!

Solution in Python, as always.

# ./solve.py 
[+] Opening connection to ctf.pwn.sg on port 1500: Done
[*] Canary: 0xd55c725bdffdec00
[*] Pointer: 0x564cb1d319b0
[+] CrossCTF{It3r4t1ve_0ver_R3curs1v3}
[*] Closed connection to ctf.pwn.sg port 1500

Therefore, the flag is CrossCTF{It3r4t1ve_0ver_R3curs1v3}.
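Why a leaked canary stops protecting the return address, modeled as an added example (not the author's solve.py and not the challenge binary). The frame layout, buffer size and addresses are constructed; the canary follows the glibc convention of a 0x00 low byte, as in the leaked value above.

```python
import os
import struct

BUF = 16                 # constructed layout, not the challenge binary's
LEGIT_RET = 0x401136     # constructed addresses
OTHER_RET = 0x4011d6

class Frame:
    """Model of an x86-64 frame: buf | canary | saved rbp | return address."""

    def __init__(self):
        # glibc-style canary: low byte 0x00 (first in memory), then 7 random bytes
        self.canary = b"\x00" + os.urandom(7)
        self.mem = bytearray(BUF) + self.canary + bytes(8) + struct.pack("<Q", LEGIT_RET)

    def unchecked_copy(self, data: bytes) -> None:
        """The bug class: copy into buf with no length check."""
        n = min(len(data), len(self.mem))
        self.mem[:n] = data[:n]

    def bounded_copy(self, data: bytes) -> None:
        """The fix: reject input that does not fit in buf."""
        if len(data) > BUF:
            raise ValueError("input longer than buffer")
        self.mem[:len(data)] = data

    def string_read(self) -> bytes:
        """A %s-style read starting at buf: stops at the first NUL byte."""
        return bytes(self.mem).split(b"\x00", 1)[0]

    def epilogue(self) -> str:
        """The compiler-inserted comparison that runs just before `ret`."""
        if bytes(self.mem[BUF:BUF + 8]) != self.canary:
            return "abort: stack smashing detected"
        return "ret to %#x" % struct.unpack("<Q", self.mem[-8:])[0]

def overflow(frame: Frame, canary_value: bytes) -> str:
    """Overflow buf, writing canary_value over the canary slot on the way."""
    frame.unchecked_copy(b"A" * BUF + canary_value + bytes(8) + struct.pack("<Q", OTHER_RET))
    return frame.epilogue()

if __name__ == "__main__":
    print(overflow(Frame(), b"B" * 8))   # canary unknown: the check fails
    f = Frame()
    print(overflow(f, f.canary))         # canary disclosed: the check passes
    g = Frame()
    g.unchecked_copy(b"A" * BUF)
    print(g.string_read())               # NUL low byte stops the read at the end of buf
```

The canary is only a secret comparison, so any memory disclosure that reaches it has to be fixed as seriously as the overflow itself; the bounded copy removes the write primitive regardless.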
