https://github.com/UofTCTF/uoftctf-2024-chals-public
This challenge is simple.
It just gets input, stores it to a buffer.
It calls gets to read input, stores the read bytes to a buffer, then exits.
What is gets, you ask? Well, it's time you read the manual, no?
man 3 gets
Cryptic message from author: There are times when you tell them something, but they don't reply. In those cases, you must try again. Don't just shoot one shot; sometimes, they're just not ready yet.
Author: drec
nc 34.123.15.202 5000
Hint:
1.If you don't have the manual in your machine, you can enter the command in google to read it online :)
2.There are a lot of nice ways to see how the program works!
There's IDA (very expensive software!) Ghidra is a free one, made by the NSA And there's good old objdump, a lightweight disassembler
Why don't you try one of these while you're waiting for output?
[basic-overflow](<https://play.uoftctf.org/files/e8e0f9b5a552029f0605b2df25f61166/basic-overflow?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjo5fQ.ZaZR_g.OvgmtpyVJ7UWz-wWxrnYXVaSJNE>)
This challenge is a test to see if you know how to write programs that machines can understand.
Oh, you know how to code?
Write some code into this program, and the program will run it for you.
What programming language, you ask? Well... I said it's the language that machines can understand.
Author: drec
nc 34.28.147.7 5000
[baby-shellcode](<https://play.uoftctf.org/files/5ad2cf18439523a54741d8f3fb72b3e9/baby-shellcode?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjo4fQ.ZaZggA.5USubt6HEpuZfd1ZywyNSSK0S5s>)
Okay, okay. So you were smart enough to do basic overflow huh...
Now try this challenge! I patched the shell function so it calls system instead of execve... so now your exploit shouldn't work! bwahahahahaha
Note: due to the copycat nature of this challenge, it suffers from the same bug that was in basic-overflow. see the cryptic message there for more information.
Author: drec
nc 34.134.173.142 5000
[patched-shell](<https://play.uoftctf.org/files/12f1068dd85eae74db96f7ab6834205f/patched-shell?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjoxM30.ZaZgqw.S_V-oFYdtkXr9gHEdV8qe7JgEJk>)
Now this challenge has a binary of a very small size.
"The binary has no useful gadgets! There is just nothing to return to!"
nice try... ntr
Author: drec
nc 34.30.126.104 5000
[nothing-to-return](<https://play.uoftctf.org/files/99ea7fee2ae1026b2df2c9a0cb94aff6/nothing-to-return?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjo1OH0.ZaZg5w.nIC1BHrVEO_SFdgoLHo993KlP84>)
[libc.so.6](<https://play.uoftctf.org/files/c8305eda436276eaf9c6646c0447d5e5/libc.so.6?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjoxMX0.ZaZg5w.LRjQeUyr2zJtTSHabKGKiCAzuIs>)
[ld-linux-x86-64.so.2](<https://play.uoftctf.org/files/57c1e70e497d4b584134b8406bd33ffa/ld-linux-x86-64.so.2?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjoxMH0.ZaZg5w.eamnG3uFq9CEnljxXzavIw-Txis>)