Posts tagged with return-oriented-programming


Please kill the werewolf with silver bullet!

nc 10103

We are also provided a binary and the libc used on the server.


When running the binary, we can see that we have four options:

The provided binary was not stripped, so reversing was easy with Ghidra.

void create_bullet(bullet *bullet)
{
  size_t size;

  if (bullet->description[0] == '\0') {
    printf("Give me your description of bullet :",0);
    /* read up to 0x30 bytes into the start of the bullet struct */
    read_input((char *)bullet,0x30);
    size = strlen((char *)bullet);
    printf("Your power is : %u\n",size);
    /* power is set to the length of the string just read */
    bullet->power = size;
    puts("Good luck !!");
  }
  else {
    puts("You have been created the Bullet !");
  }
}
Continue Reading


This program is quite short, but has got printf and gets in it! This shouldn't be too hard, right?

Connect at nc 31283

We are given the libc used, the binary, and the source code.

#include <stdio.h>

void vuln()
{
	char buf[64];
	fputs("Type something>", stdout);
	fputs("You typed: ", stdout);
}

int main()
{
	/* Disable buffering on stdout */
	setvbuf(stdout, NULL, _IONBF, 0);


	return 0;
}
Continue Reading