Buffer Overflow
plaidCTF 2014 - bronies (web800)
bronies
Web (800 pts)
-------------------
We are trying to break into eXtreme Secure Solutions, where The
Plague works as a system administrator. We have found that their
internal company login page is at
http://portal.essolutions.largestctf.com/. Recon has also revealed
that The Plague likes to browse this site during work hours:
http://54.196.225.30/ using the username ponyboy2004. Remember, our
main target is to break into the company portal, *not* the pony site.
plaidCTF 2014 - ezhp (pwn200)
ezhp
Pwnables (200 pts)
-------------------
Luckily when you travel back in time, you still get to use all your
knowledge from the present. With that knowledge in hand, breaking
into this service (at 54.81.149.239:9174) owned by The Plague
shouldn't be hard at all.
To set the picture, let’s identify the binary:
izsh@box:~$ file ezhp
ezhp: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV),
dynamically linked (uses shared libs), for GNU/Linux 2.6.24,
BuildID[sha1]=0x5fa5bd76db306497b549ea3b0466cd9e9afa2705, stripped
izsh@box:~$ readelf -l ezhp | grep STACK
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4