Luxury (Люкс)

duckerz

Task: PWN binary with buffer overflow in login function, PIE enabled but GOT addresses leaked in admin menu. Solution: Use hardcoded credentials to access admin menu, leak libc addresses, identify libc version via libc.rip, then ret2libc with system("/bin/sh").

ret2libc pwn buffer-overflow pie-bypass got-leak libc-identification

ret2libcstack_buffer_overflowgot_leakpie_bypasslibc_database_lookup

$ ls tags/ techniques/

ret2libc pwn buffer-overflow pie-bypass got-leak libc-identification

ret2libcstack_buffer_overflowgot_leakpie_bypasslibc_database_lookup

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pwn][Pro]В отеле (At the Hotel)— duckerz
[pwn][Pro]Hospital (Больница)— duckerz
[pwn][Pro]Говори - и будет исполнено (ask_and_you_shall_receive)— hackerlab
[pwn][Pro]Древний замок мага (Ancient Magician Castle)— duckerz
[pwn][Pro]Upcoming Flight (Предстоящий полет)— duckerz