I'll let you seek around my file as far as you want, but you can't go anywhere since it's /dev/null.
To figure out where things are, you can use the gdb debugger. I recommend using a Docker instance, such as with the Dockerfile provided, to ensure you have an environment that matches the remote server you are attacking.
You can find the location of functions in the Global Offset Table by using their name followed by @got.plt - for example, print &'[email protected]'.
I need to make a pwn? Let's go with that standard warmup rop thing... what was it... ret2libm?
The challenge server may be acting up. If your solution works locally and on the docker but not on remote, please open a ticket!
I love sockets and cats and socat and ls
Socat version on remote is 1.7.4.1
This is Michael's bank. You can't break into it, it's just impossible.
At the end lies your flag.
Updated distribution file: added Dockerfile and run script
How is memory laid out in the binary that's very different than a non-embedded binary? Also if you're scared of the qemu, it might help to know you can debug the binary with the -s -S flags and gdb-multiarch.