2 Posts tagged with return-oriented-programming

pwnable.tw - silver bullet

Posted on February 1, 2020* in ctf-writeups
pwnable.tw binary-exploitation return-oriented-programming pwntools

Challenge

Please kill the werewolf with silver bullet!

nc chall.pwnable.tw 10103

We are also provided a binary and the libc used on the server.

Solution

When running the binary, we can see that we have four options:

The provided binary was not stripped, so reversing was easy with Ghidra.

void create_bullet(bullet *bullet)
{
  size_t size;
  
  if (bullet->description[0] == '\0') {
    printf("Give me your description of bullet :",0);
    read_input((char *)bullet,0x30);
    size = strlen((char *)bullet);
    printf("Your power is : %u\n",size);
    bullet->power = size;
    puts("Good luck !!");
  }
  else {
    puts("You have been created the Bullet !");
  }
  return;
}
Continue Reading

nactf 2019 - Loopy #0

Posted on September 22, 2019* in ctf-writeups
nactf2019 binary-exploitation pwntools format-string return-oriented-programming

Challenge

This program is quite short, but has got printf and gets in it! This shouldn't be too hard, right?

Connect at nc shell.2019.nactf.com 31283

We are given the libc used, the binary, and the source code.

#include <stdio.h>

void vuln()
{
	char buf[64];
	fputs("Type something>", stdout);
	gets(buf);
	fputs("You typed: ", stdout);
	printf(buf);
}

int main()
{
	/* Disable buffering on stdout */
	setvbuf(stdout, NULL, _IONBF, 0);

	vuln();

	return 0;
}
Continue Reading
Switch to Dark Mode
Dark
Switch to Light Mode
Light