Challenge category:
Binary Exploitation
Binary Exploitation Cryptography Forensics Miscellaneous Networks Radio Frequency Reverse Engineering Web Exploitation Welcome
167 Points

I'll let you seek around my file as far as you want, but you can't go anywhere since it's /dev/null.

To figure out where things are, you can use the gdb debugger. I recommend using a Docker instance, such as with the Dockerfile provided, to ensure you have an environment that matches the remote server you are attacking.


You can find the location of functions in the Global Offset Table by using their name followed by @got.plt - for example, print &' [email protected] ' .

By: sera
392 Points

I need to make a pwn? Let's go with that standard warmup rop thing... what was it... ret2libm?


The challenge server may be acting up. If your solution works locally and on the docker but not on remote, please open a ticket!

By: sera
478 Points

I love sockets and cats and socat and ls

Socat version on remote is

By: sera
Michael Bank
494 Points

This is Michael's bank. You can't break into it, it's just impossible.

By: nope

At the end lies your flag.

Updated distribution file: added Dockerfile and run script


How is memory laid out in the binary that's very different than a non-embedded binary? Also if you're scared of the qemu, it might help to know you can debug the binary with the -s -S flags and gdb-multiarch.

By: sera