pwneasy

Labyrinth

hackthebox

Task: Exploit a buffer overflow in a 64-bit binary with a win function that reads flag.txt. Solution: Select door 69 to reach the vulnerable code path, overflow a 48-byte buffer with 68-byte fgets to overwrite the return address at offset 56, use a ret gadget for x86-64 stack alignment, then jump to the escape_plan function.

$ ls tags/ techniques/

buffer_overflow x86_64 ret2win stack_alignment

stack_alignmentret2winbuffer_overflowreturn_address_overwrite

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]