pwnProeasy

Auto Overflow 2

spbctf

Task: overflow a buffer to match a random integer comparison value generated with srand(time(0)). Solution: predict the rand() output by calling glibc srand/rand with the current Unix timestamp via ctypes, then send 64 bytes padding plus the predicted value in little-endian.

$ ls tags/ techniques/

buffer_overflow pwntools srand random time_seed

random_number_predictiontime_based_seed_exploitationglibc_rand_reimplementation

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pwn][Pro]Auto Overflow 1— spbctf
[pwn][Pro]Easy Overflow 3— spbctf
[pwn][Pro]Sleep— spbctf
[pwn][Pro]Easy Overflow 1— spbctf
[pwn][Pro]sptr— spbctf