pwneasy

Hackbin

hackerlab

Task: a 64-bit non-PIE ELF with a menu and an unsafe gets() call in add_note() lets user input overflow a stack note buffer. Solution: overwrite RIP at offset 0x488 and use ret2win with an extra ret gadget for x86_64 stack alignment before calling get_flag().

$ ls tags/ techniques/

buffer_overflow gets x86_64 ret2win stack_alignment no_pie

ret2winstack_buffer_overflow

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub to get started.

$ssh [email protected]