RIP my bof
30 points Easy

Okay so we have a bof, can we get it to redirect IP (instruction pointer) to something else?

If you get stuck liveoverflow covers you again!

nc thekidofarcrania.com 4902

simple-rip.tar.gz
Flag
Rating 4.81
5
4
3
2
1

Discussion

Very practical for a beginner, THANKS. #hint: replace the 'return address' with the 'win()' function address. (you can find it using any debugger as 'gdb' is), then using python2 to inject it (or overflow it) into the binary. (Ensure the address is in 'raw binary' value !).

1

Basically it is similar to RET2WIN attack as we have to overwrite the return address with the address of win function...hence we'll get the flag :)

0

GOOD

0

fuck python3

1

It happened to me that the address box returns: 8b 86 04 08, when in reality it is: 86 85 04 08, for this reason I could not find the flag, it always returned the message: "timeout: the monitored command dumped core"

0

CTFlearn{c0ntr0ling_r1p_1s_n0t_t00_h4rd_abjkdlfa}

-13

have some guides?

0

goodthings

0

really suitable for a newer!

0

broo.. i couldn.t paste the sting which has the address it magically includes a c2 how to do it..

EDITED AFTER COMPLETION: learned few new things.. good challenge took 2 days

0

assembly language and gdb, stack must understand.

1