https://github.com/Seraphin-/ctf/blob/master/irisctf2023/

https://github.com/IrisSec/IrisCTF-2023-Challenges

Pwn:

Babyseek:

I'll let you seek around my file as far as you want, but you can't go anywhere since it's /dev/null.

To figure out where things are, you can use the gdb debugger. I recommend using a Docker instance, such as with the Dockerfile provided, to ensure you have an environment that matches the remote server you are attacking.

nc seek.chal.irisc.tf 10004

[seek.zip](<https://cdn.discordapp.com/attachments/1056103369695047750/1060457227770671104/seek.zip>)

Hint!
You can find the location of functions in the Global Offset Table by using their name followed by @got.plt - for example, print &'[email protected]'.

By: sera


ret2libm:

I need to make a pwn? Let's go with that standard warmup rop thing... what was it... ret2libm?

nc ret2libm.chal.irisc.tf 10001

[ret2libm.zip](<https://cdn.discordapp.com/attachments/1056103369695047750/1056146650860621834/ret2libm.zip>)
[Dockerfile](<https://cdn.discordapp.com/attachments/1056103369695047750/1061498899271004251/Dockerfile>)

Hint!
The challenge server may be acting up. If your solution works locally and on the docker but not on remote, please open a ticket!

By: sera


baby?socat:

I love sockets and cats and socat and ls

Socat version on remote is 1.7.4.1

nc socat.chal.irisc.tf 10000

[socat.zip](<https://cdn.discordapp.com/attachments/1056103369695047750/1057439960187289757/socat.zip>)

By: sera


Michael Bank:

This is Michael's bank. You can't break into it, it's just impossible.

nc michaelbank.chal.irisc.tf 10003

[Program.cs](<https://cdn.discordapp.com/attachments/1056103369695047750/1060743193441873930/Program.cs>)
[currency_conversion.txt](<https://cdn.discordapp.com/attachments/1056103369695047750/1060743194008096838/currency_conversion.txt>)

By: nope
