Ainsley Woo - Hack the Threat | Cybersecurity Portfolio

Connection Information

nc ctf.example.com 9001

Objective

Exploit a buffer overflow vulnerability to execute arbitrary code and read the flag file.

Scenario

You are given a binary executable with a classic buffer overflow vulnerability. The program is running on a remote server with the flag file. Exploit the vulnerability to gain code execution and retrieve the flag.

Challenge Files

vuln_binary

16 KB

vuln_binary.c

1.2 KB

Hints

Hint 1

The program uses strcpy without bounds checking

Hint 2

Find the offset to overwrite the return address

Hint 3

You might need to disable ASLR for local testing

Hint 4

A simple ret2win or shell spawning payload will work

Spoiler Warning: The solution below contains the complete walkthrough. Try to solve the challenge yourself first!

Solution

This challenge exploits a stack-based buffer overflow to overwrite the return address and redirect execution.

Step 1: Analyze the Binary

Examine the source code and identify the vulnerable function.

step-1.sh

void vulnerable_function(char *input) {
    char buffer[64];
    strcpy(buffer, input); // No bounds checking!
    printf("Buffer content: %s\n", buffer);
}

Step 2: Find the Offset

Use pattern_create and pattern_offset to find how many bytes until EIP/RIP.

Step 3: Craft the Exploit

Build a payload that overwrites the return address with the win function address.

Step 4: Get the Flag

The exploit redirects execution to the win() function which prints the flag.

Flag

CTF{buff3r_0v3rfl0w_pwn3d}

Key Learnings

Always use bounds-checked functions like strncpy

Enable stack canaries, ASLR, and DEP for protection

Buffer overflows can lead to arbitrary code execution

Understanding memory layout is crucial for exploitation

Back to All Challenges

Buffer Overflow Basics

Connection Information

Objective

Scenario

Challenge Files

Hints

Solution

Step 1: Analyze the Binary

Step 2: Find the Offset

Step 3: Craft the Exploit

Step 4: Get the Flag

Flag

Key Learnings

Solution

Step 1: Analyze the Binary

Step 2: Find the Offset

Step 3: Craft the Exploit

Step 4: Get the Flag

Flag

Key Learnings