pwnPromedium

Storage

spbctf

Task: Binary pwn challenge with key-value storage service. Solution: Exploited buffer overflow in fgets() to overwrite getcwd() result on stack, then triggered command injection via system() call in list command using append mode to build payload across multiple writes.

$ ls tags/ techniques/

command_injection elf64 buffer_overflow pie canary_bypass stack_variable_overwrite fgets_overflow append_mode system_call

stack_buffer_overflowcwd_overwritecommand_injection_via_systemappend_mode_payload_building

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[pwn][Pro]secret_v2 — format string without %n— spbctf
[pwn][Pro]Говори - и будет исполнено (ask_and_you_shall_receive)— hackerlab
[pwn][Pro]fptr Reborn— spbctf
[pwn][Pro]Странный PWN?— hackerlab
[pwn][Pro]Древний замок мага (Ancient Magician Castle)— duckerz