pwneasy

Conversation

hackerlab

Task: an ELF64 PIE binary with NX and Full RELRO exposes both a format string in the name prompt and a stack overflow in the description prompt, while the embedded flag string is fake. Solution: leak &allowance with the 45th %p, recover the PIE base, then ret to the success branch at base + 0x1489 to print the real remote flag.

$ ls tags/ techniques/

stack_overflow pie x86_64 format_string no_canary nx full_relro fake_flag

format_string_leakpie_base_recoveryret_to_win

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

Create a free account with GitHub to get started.

$ssh [email protected]