$ cat writeup.md…
$ cat writeup.md…
pwn_spbctf
Task: PIE/NX/Full-RELRO/CET binary with a printf(buf) format-string leak in greet() and a stack overflow (0x60 into 0x20) in messager(). Solution: leak PIE via %19$p, ROP puts(puts@got)+return-to-main to leak libc, fingerprint the REMOTE libc as glibc 2.27 (not the sibling task's 2.31) via libc.rip, then ret2libc system('/bin/sh').
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar