Challenge example
Source code
The binary is compiled with both PIE and a stack canary and is served using the serve.c code.
The serve.c code will not be explained here.
It only serves the binary over a socket and forks a child for each connection, so that multiple connections can be handled at a time.
The buffer overflow occurs in the authentication
function at line 19:
Exploitation
Using the stack reading technique, it is possible to retrieve the needed values, reuse them, and then overwrite RIP to search for gadgets.
Bropper can be used to do this.
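The stack reading technique relies on the forked child keeping the same canary and addresses as its parent: every wrong byte guess kills one child, and only a correct guess lets the connection survive. From the defender's side that leaves a very distinctive trace, a burst of child crashes (SIGABRT from the canary check, SIGSEGV from bad saved pointers) coming from a single peer. The detector below is an added example, not code from this page, from serve.c or from Bropper; it assumes a hypothetical log format in which the serving process records each child's exit together with the peer it served, and the sample lines it parses are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (an assumption for this example, not serve.c's real
# output): one line per child exit, naming the peer the forked child served.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) serve: child (?P<pid>\d+) "
    r"peer=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+ exited "
    r"(?:signal=(?P<sig>\d+)|status=(?P<status>\d+))$"
)

# Signals a stack-reading loop leaves behind on wrong guesses: SIGABRT (6) from
# the canary check (__stack_chk_fail) and SIGSEGV (11) when a corrupted saved
# RBP or return address is used.
CRASH_SIGNALS = {6, 11}


def parse_line(line):
    """Parse one log line into {ts, ip, crashed}; return None for unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sig = m.group("sig")
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "ip": m.group("ip"),
        "crashed": sig is not None and int(sig) in CRASH_SIGNALS,
    }


def crash_bursts(lines, threshold=16, window=timedelta(seconds=60)):
    """Return {peer_ip: peak crash count} for every peer whose child crashes
    inside any sliding `window` reach `threshold`. Lines are expected in time
    order per peer. A normal client almost never crashes a child; reading a
    single 8-byte value byte by byte costs up to 256 crashes per byte."""
    recent = defaultdict(deque)   # per peer: timestamps of crashes in the window
    peak = defaultdict(int)       # per peer: largest count seen in one window
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["crashed"]:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        while q and rec["ts"] - q[0] > window:
            q.popleft()
        peak[rec["ip"]] = max(peak[rec["ip"]], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def constructed_log():
    """Constructed sample: one peer killing a child per second for 40 seconds
    (each crash being one wrong guess), and one peer using the service normally
    with a single unrelated crash."""
    t0 = datetime(2024, 5, 1, 12, 0, 0)
    lines = []
    for i in range(40):
        ts = (t0 + timedelta(seconds=i)).isoformat()
        sig = 6 if i % 2 else 11
        lines.append(f"{ts} serve: child {4000 + i} peer=10.0.0.5:{50000 + i} exited signal={sig}")
    lines.append(f"{t0.isoformat()} serve: child 3001 peer=10.0.0.9:42000 exited status=0")
    lines.append(f"{(t0 + timedelta(seconds=5)).isoformat()} serve: child 3002 peer=10.0.0.9:42001 exited signal=11")
    lines.append(f"{(t0 + timedelta(seconds=9)).isoformat()} serve: child 3003 peer=10.0.0.9:42002 exited status=0")
    return lines


if __name__ == "__main__":
    for ip, count in crash_bursts(constructed_log()).items():
        print(f"possible stack reading from {ip}: {count} child crashes in one window")
```

The threshold is deliberately low: a handful of crashes from one client in a minute is already far outside normal behaviour for a forking service, while a full canary, saved RBP and return address read costs hundreds to thousands. The same per-peer crash counter is also the right place to hook a mitigation, since the technique only works as long as the parent keeps handing out children with identical stack values.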
Exercise
If you want to try this exploit yourself, you can pull this Docker image:
Deploy the image using the following command:
Access the web shell with your browser at http://localhost:3000/