pwnProhard

Говори - и будет исполнено (ask_and_you_shall_receive)

hackerlab

Task: Binary with format string vulnerability (printf(user_input)) and buffer overflow (fgets reads 400 bytes into 112-byte buffer). No PIE, no canary, partial RELRO. Solution: Two-stage exploit - Stage 1 uses format string to leak libc address via puts@GOT, Stage 2 uses buffer overflow for ret2libc (system('/bin/sh')).

$ ls tags/ techniques/

buffer_overflow format_string got_overwrite libc_leak rop

format_string_writeformat_string_readret2libcgot_overwrite

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pwn][Pro]secret_v2 — format string without %n— spbctf
[pwn][free]Void— hackthebox
[pwn][Pro]Canary leak + ret2win (string_leak)— spbctf
[pwn][Pro]Easy ROP— hackerlab
[pwn][Pro]Secrets— grodno_new_year_2026