pwnmedium

rbp

spbctf

Task: RBP overwrite with limited buffer overflow (16 bytes into 8-byte buffer). Solution: Stack pivot via corrupted saved RBP pointing to second buffer containing win address, exploiting leave;ret gadget.

$ ls tags/ techniques/
buffer_overflowstack_pivotrbp_overwriteleave_ret
stack_pivot
🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub, then upgrade to Pro.

$ssh [email protected]