https://github.com/UofTCTF/uoftctf-2024-chals-public

Pwn:

basic-overflow:

This challenge is simple.

It just gets input, stores it to a buffer.

It calls gets to read input, stores the read bytes to a buffer, then exits.

What is gets, you ask? Well, it's time you read the manual, no?

man 3 gets

Cryptic message from author: There are times when you tell them something, but they don't reply. In those cases, you must try again. Don't just shoot one shot; sometimes, they're just not ready yet.

Author: drec

nc 34.123.15.202 5000

Hint:
1. If you don't have the manual in your machine, you can enter the command in Google to read it online :)
2. There are a lot of nice ways to see how the program works!

There's IDA (very expensive software!). Ghidra is a free one, made by the NSA. And there's good old objdump, a lightweight disassembler.

Why don't you try one of these while you're waiting for output?

[basic-overflow](<https://play.uoftctf.org/files/e8e0f9b5a552029f0605b2df25f61166/basic-overflow?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjo5fQ.ZaZR_g.OvgmtpyVJ7UWz-wWxrnYXVaSJNE>)

basic-overflow.zip

baby-shellcode:

This challenge is a test to see if you know how to write programs that machines can understand.

Oh, you know how to code?

Write some code into this program, and the program will run it for you.

What programming language, you ask? Well... I said it's the language that machines can understand.

Author: drec

nc 34.28.147.7 5000

[baby-shellcode](<https://play.uoftctf.org/files/5ad2cf18439523a54741d8f3fb72b3e9/baby-shellcode?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjo4fQ.ZaZggA.5USubt6HEpuZfd1ZywyNSSK0S5s>)

baby-shellcode.zip

patched-shell:

Okay, okay. So you were smart enough to do basic overflow huh...

Now try this challenge! I patched the shell function so it calls system instead of execve... so now your exploit shouldn't work! bwahahahahaha

Note: due to the copycat nature of this challenge, it suffers from the same bug that was in basic-overflow. See the cryptic message there for more information.

Author: drec

nc 34.134.173.142 5000

[patched-shell](<https://play.uoftctf.org/files/12f1068dd85eae74db96f7ab6834205f/patched-shell?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjoxM30.ZaZgqw.S_V-oFYdtkXr9gHEdV8qe7JgEJk>)

patched-shell.zip

nothing-to-return:

Now this challenge has a binary of a very small size.

"The binary has no useful gadgets! There is just nothing to return to!"

nice try... ntr

Author: drec

nc 34.30.126.104 5000

[nothing-to-return](<https://play.uoftctf.org/files/99ea7fee2ae1026b2df2c9a0cb94aff6/nothing-to-return?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjo1OH0.ZaZg5w.nIC1BHrVEO_SFdgoLHo993KlP84>)
[libc.so.6](<https://play.uoftctf.org/files/c8305eda436276eaf9c6646c0447d5e5/libc.so.6?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjoxMX0.ZaZg5w.LRjQeUyr2zJtTSHabKGKiCAzuIs>)
[ld-linux-x86-64.so.2](<https://play.uoftctf.org/files/57c1e70e497d4b584134b8406bd33ffa/ld-linux-x86-64.so.2?token=eyJ1c2VyX2lkIjoxOTg4LCJ0ZWFtX2lkIjoxMjM1LCJmaWxlX2lkIjoxMH0.ZaZg5w.eamnG3uFq9CEnljxXzavIw-Txis>)

nothing-to-return.zip

Web: