#CTF buffer overflow simple


tiny fossil

this is what it looks like decompiled in Ghidra

that was the flag function

and this is the main function which is vulnerable to buffer overflow

the program is supposed to return back what you said with Hello + whatever you wrote

so I overflowed it with this (python3 -c 'print("A"*39 + "\x92\x11\x40\x00\x00\x00\x00\x00", end="")')

the address is supposed to be the flag function

I think I'm supposed to somehow make use of gadgets but I don't know if that is necessary

also another important piece of information is that the flag might only be accessible through netcat, so it doesn't exist on our computer. So the script I write must work to retrieve the flag from the server as well

So how do I execute the flag function without ending with a segmentation fault

tiny fossil

I have made it so that the program flows through the flag function, which is good

but the problem is it crashes with "program received signal SIGSEGV, segmentation fault."

and it does that a bit after it tries to read the file. Interestingly enough, rsp seems to be flag.txt when it crashes

below rsp, I see that I've corrupted some of them with AAAAAA or 4141414141

is that why it's crashing?
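The defect the first post describes, a greeting routine that copies user input into a fixed-size stack buffer with no length check, shown next to a bounded version. This is an added C example, not the challenge binary's code: the buffer size (32 bytes), the function names, and the "Hello " prefix are assumptions for illustration, since the page shows only screenshots and not the source.

```c
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for this example; the challenge's real size is not given. */
#define NAME_LEN 32

/* Vulnerable pattern: nothing bounds the copy except the length of the input.
 * Bytes past NAME_LEN overwrite whatever sits above `name` in the frame: the
 * saved frame pointer first, then the saved return address, which is exactly
 * why an over-long line can redirect where main() returns to. Shown for
 * contrast only; the test does not call it. */
void greet_unbounded(const char *input)
{
    char name[NAME_LEN];
    strcpy(name, input);               /* no length check at all */
    printf("Hello %s\n", name);
}

/* Hardened version: copies at most NAME_LEN-1 bytes, always NUL-terminates,
 * and tells the caller whether the input had to be cut.
 * Returns 0 when the whole input fit, 1 when it was truncated, -1 on bad args. */
int greet_bounded(const char *input, char *out, size_t outsz)
{
    char name[NAME_LEN];
    size_t n;
    int truncated;

    if (input == NULL || out == NULL || outsz == 0)
        return -1;

    n = strlen(input);
    truncated = (n >= NAME_LEN);
    if (truncated)
        n = NAME_LEN - 1;              /* leave room for the terminator */
    memcpy(name, input, n);
    name[n] = '\0';

    /* snprintf never writes past outsz and always terminates the result. */
    snprintf(out, outsz, "Hello %s", name);
    return truncated;
}

/* Reads one line from stdin without overrunning `buf` and strips the newline.
 * Returns the number of bytes kept, or -1 on EOF. A line longer than bufsz-1
 * is cut and the remainder drained, so it cannot leak into the next read. */
int read_line_bounded(char *buf, size_t bufsz)
{
    size_t len;

    if (fgets(buf, (int)bufsz, stdin) == NULL)
        return -1;
    len = strcspn(buf, "\n");
    if (buf[len] == '\n') {
        buf[len] = '\0';
    } else {
        int c;
        while ((c = getchar()) != EOF && c != '\n')
            ;                          /* discard the rest of the long line */
    }
    return (int)len;
}

int main(void)
{
    char line[NAME_LEN * 4];           /* room to accept an oversized line safely */
    char out[64];
    int rc;

    if (read_line_bounded(line, sizeof line) < 0)
        return 1;
    rc = greet_bounded(line, out, sizeof out);
    puts(out);
    if (rc == 1)
        fprintf(stderr, "note: input longer than %d bytes was truncated\n", NAME_LEN - 1);
    return 0;
}
```

With the bounded version, a 39-byte line like the one in the post is simply cut at 31 bytes; nothing above the buffer (the saved rbp or the return address) is ever reachable, which is the whole difference between the two functions.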