Have you tried the AoC 22 24 VM?
MD5 (alu.zip) = 8b04d09040e879f7558d59b14e9ef191
- enigmatrix
nc challs.nusgreyhats.org 13500
This challenge was inspired by the series of clone-and-pwn challenges I saw in Real World CTF. It's quite a cool category where they just spin up a random GitHub repository and ask you to find bugs in it. It feels quite "realistic" compared to the usual CTF challenges and gives a different kind of satisfaction when solving.
#include <stdio.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/syscall.h>
#define ADD 548
This challenge was based on a behaviour I learnt from reading Attacking Network Protocols (James Forshaw). The bug has to do with some integer trickery and I thought it was pretty neat. Fun fact, I crafted the challenge idea while on security trooper duty (screw NS T.T), hence the security trooper theme of the challenge.
The writeup is a bit lengthy, so here's the quick solution run-through.
Bribe -2147483648 (INT_MIN), which won't be turned positive by `positive`, causing `money_left` to be negative and giving us the flag.
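The integer behaviour behind this solution, as an added example that is not the challenge's source code: only the names `positive` and `money_left` come from the writeup, while the function bodies, the subtraction in the bribe step and the starting balance of 100 are assumptions. Negating INT_MIN is undefined behaviour in C, so the sketch models the usual two's-complement wraparound with unsigned arithmetic and sets a range-checked variant beside it.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumed shape of `positive`: negate when below zero. -INT_MIN is not
 * representable in int (undefined behaviour in C), so unsigned arithmetic
 * models the two's-complement wraparound seen on typical builds. */
static int positive_naive(int x) {
    return x < 0 ? (int)(0u - (unsigned)x) : x;
}

/* Assumed bribe step: subtract the "sanitised" amount from the balance.
 * Unsigned subtraction again models the signed wraparound without UB. */
static int bribe_naive(int money_left, int amount) {
    unsigned paid = (unsigned)positive_naive(amount);
    return (int)((unsigned)money_left - paid);
}

/* Checked variant: validate the range instead of normalising the sign.
 * Negative amounts (INT_MIN included) and overdrafts leave the balance as is. */
static bool bribe_checked(int *money_left, int amount) {
    if (amount < 0 || amount > *money_left)
        return false;
    *money_left -= amount;
    return true;
}

int main(void) {
    int balance = 100; /* constructed starting balance */
    printf("positive(-5)      = %d\n", positive_naive(-5));
    printf("positive(INT_MIN) = %d\n", positive_naive(INT_MIN));
    printf("naive balance     = %d\n", bribe_naive(balance, INT_MIN));
    printf("checked accepted  = %d\n", bribe_checked(&balance, INT_MIN));
    printf("checked balance   = %d\n", balance);
    return 0;
}
```

Building real code with `-fsanitize=undefined` (or `-ftrapv`) surfaces the same negation at run time instead of letting it wrap silently.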
"""
To use the extension, place the file somewhere and add
`source /path/to/extension`
in your ~/.gdbinit file
Use just as you would with `dereference` (https://gef.readthedocs.io/en/master/commands/dereference/)
but s/deref/veref/g
Many missing features because I quickly whipped this up to solve a challenge.
1) Doesn't check for v8 version (Older versions don't use compressed pointers)