pwnPromedium
rbp
spbctf
Task: RBP overwrite with limited buffer overflow (16 bytes into 8-byte buffer). Solution: Stack pivot via corrupted saved RBP pointing to second buffer containing win address, exploiting leave;ret gadget.
🔒
Permission denied (requires tier.pro)
Sign in to access full writeups
Sign in with GitHub to continue. No email required.
$sign in$ grep --similar
Similar writeups
- [pwn][Pro]ret— spbctf
- [pwn][Pro]stackgift— spbctf
- [pwn][Pro]sptr— spbctf
- [pwn][Pro]Easy Overflow 1— spbctf
- [pwn][Pro]secret_v2 — format string without %n— spbctf