Posts for: #Pwn

eliza

Remote: eliza.challs.cyberchallenge.it,9131

Download binary: eliza

Solution

First we check the security settings of the binary with checksec from pwntools:

The executable is position dependent (No PIE), so if we manage to overwrite the return address on the stack, we can redirect execution to any function in the program. So now we just need to find a buffer overflow we can exploit and we're done, right? Well, no. The executable has a stack canary, which prevents us from using a buffer overflow to overwrite the return address without overwriting the canary as well, and a modified canary triggers the check that aborts execution.

The Maze

The Maze - GOTY edition
This fabulous “Game Of The Year” edition contains all the levels, characters and DLCs of the acclaimed game “The Maze”.
“The Maze” is a text-based game where you play as Ampersand, the iconic hero that should avoid all the monsters (that’s easy, actually: there are none) and find the precious treasure.
Of course, as a CTF player, you don’t really care about the treasure, do you?
Yes, you want a flag, that’s clear.
There are no flags in the maze, though.
You should probably find a way to escape…
MD5: 07785b37292c80ee1de683913fb43384 the_maze
This is a remote challenge, you can connect to the service with:
nc maze.challs.cyberchallenge.it 9404