Monthly Archives: September 2016
We are given a binary with a libc, so our first guess should be some ret2libc ROP attack. We are also given a very nice buffer overflow in practice(). We can get the address of something in libc by checking … Continue reading
This is very clearly a buffer overflow to ROP. Where easy = system(“cat flag.txt”) Here we ROP into the middle of easy, before the system call, but you can ROP into the start of easy as well.
We are given a broken tar file and a dylib that was used to produce the archive. We can try to extract the tarball. We see that output is some repeated format of “XXXX,”, where X stands for a hex … Continue reading