forensicsProeasy

Forenser Canary

spbctf

Task: given a raw stack memory dump of a Linux x86_64 process (0x21000 bytes matching a VA range), recover the glibc stack canary. Solution: scan the dump for 8-byte aligned qwords with low byte 0x00 and non-zero upper 7 bytes (terminator canary pattern) and pick the most frequent clustered value.

$ ls tags/ techniques/

x86_64 memory_dump glibc stack_canary terminator_canary stack_forensics

frequency_analysisstack_memory_analysisqword_alignment_scanglibc_canary_structure

Analysis

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.

$ python3 exploit.py --target 192.168.1.1 --port 8080
[*] Connecting to target...
[+] Shell obtained!

Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.

🔒

Permission denied (requires tier.pro)

Sign in to access full writeups

$sign in

$ grep --similar

Similar writeups

[forensics][Pro]Forenser Retaddr— spbctf
[pwn][Pro]stackgift— spbctf
[pwn][Pro]Canary leak + ret2win (string_leak)— spbctf
[pwn][free]Scanner— hackthebox
[forensics][Pro]Forenser RBP— spbctf