RIP my bof
30 points Easy

Okay so we have a bof, can we get it to redirect IP (instruction pointer) to something else?

If you get stuck, LiveOverflow covers you again!

nc thekidofarcrania.com 4902

simple-rip.tar.gz
Flag
Rating 4.77

Discussion

Why the hell would python3 print c2's? What are these c2's?

0

Can somebody please explain why there are 12 Bytes between the "padding variable" and the return address? I know that in those 12 Bytes there is EBP, but it is only 4 bytes long.

0

Great challenge :)

0

To anyone who can read this, kindly use python2 when working with bin xploits. Python 3 has an annoying byte-ascii conversion.

2
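Added example, not part of any comment above or of the challenge files: it shows where the `c2` bytes asked about earlier come from in Python 3, and how to emit raw bytes without switching to Python 2. `SAMPLE_ADDR` is a constructed value, not an address from this binary, and the helper names are hypothetical.

```python
import struct
import sys

# Constructed 32-bit value containing bytes >= 0x80. NOT the challenge's address.
SAMPLE_ADDR = 0x5655B6AD

def py2_style_text(addr):
    """Build the value the Python 2 way: a text string, one code point per byte."""
    return "".join(chr(b) for b in struct.pack("<I", addr))

def what_print_emits(text, encoding="utf-8"):
    """Bytes that print(text) writes when stdout uses the given encoding."""
    return text.encode(encoding)

def inflated(text):
    """List (index, intended byte, UTF-8 bytes) for code points that grow on output."""
    out = []
    for i, ch in enumerate(text):
        enc = ch.encode("utf-8")
        if len(enc) > 1:
            out.append((i, "%02x" % ord(ch), enc.hex()))
    return out

def raw(addr):
    """Little-endian bytes, with no text layer involved."""
    return struct.pack("<I", addr)

def emit(data):
    """Write bytes to stdout untouched (the Python 3 replacement for py2 print)."""
    sys.stdout.buffer.write(data)
    sys.stdout.buffer.flush()

if __name__ == "__main__":
    text = py2_style_text(SAMPLE_ADDR)
    print("intended bytes :", raw(SAMPLE_ADDR).hex())
    print("print() sends  :", what_print_emits(text).hex())
    for idx, want, got in inflated(text):
        print("  offset %d: wanted %s, UTF-8 produced %s" % (idx, want, got))
    # U+0080..U+00BF become c2 xx, U+00C0..U+00FF become c3 xx,
    # so every such byte also shifts everything after it by one position.
    print("latin-1 output :", what_print_emits(text, "latin-1").hex())
```

Writing `bytes` through `sys.stdout.buffer` (the `emit` helper) keeps the length and values exactly as built; encoding the text as latin-1 gives the same bytes if the payload already exists as a `str`.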

Open gdb, put a breakpoint at win, see the address printed.

0

very nice challenge

0

Took me an entire day! I was looking at ebx, which I correctly overrode with the win address. That's not the crux of solving this and I wasted time wondering why. After almost a day, it dawned on me to also look at the buff visualisation and I realised I hadn't overflowed enough to reach the return address. And last but not least, I was wondering why gdb run told me that flag.txt was not found and then realised I need to redirect my python exploit file into the server version because the flag file is on the server, not locally.

0

The LiveOverflow video can be found on YouTube: https://www.youtube.com/watch?v=8QzOC8HfOqU&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN&index=15

5