DUCTF5 Vector Overflow [PWN]

This challenge involves understanding how vector variables are stored in memory in C++. The program allows overflowing the vector pointer to change where it points.

Initial Analysis

File Analysis

To learn more about the given executable, we can use the file command.

file vector_overflow
vector_overflow: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=4a0b824c662ee47b5cd3e73176c0092f1fcf714b, for GNU/Linux 3.2.0, not stripped

Key findings:
- 64-bit executable
- not stripped means the executable has not had its symbol table and relocation information removed.

Executable Security Check

To figure out which security mitigations are enabled in this executable, we can use the checksec command that comes with the pwntools library ...

January 23, 2025 · 6 min

DUCTF5 Yawa [PWN]

This challenge involves exploiting buffer overflow and format string vulnerabilities. The buffer overflow allows us to leverage the format string %s to leak addresses. Additionally, this challenge includes a return-to-libc (ret2libc) attack.

Initial Analysis

In this challenge we were given 4 different files:
- yawa (challenge executable)
- yawa.c (challenge source code)
- ld-2.35.so (dynamic linker/loader for the GNU C Library version 2.35)
- libc.so.6 (main shared library for the GNU C Library)

When the executable was initially received, yawa could not be run because it requires a specific linker and main shared library. Using pwninit (https://github.com/io12/pwninit), the patching process becomes much easier. With the patched binary, it can now be run. ...

January 23, 2025 · 6 min