Hey guys! Here is another writeup of a pwn challenge from the HackCon18 CTF. The challenge She Sells Sea Shells was a very easy pwn based on a buffer overflow, where you can simply put shellcode in the buffer and jump to it!
The first step is a normal checksec to see which protections are implemented:
Nothing is enabled! Now try to execute the binary:
Yep, a simple buffer overflow. Note that there is an address in the binary's output. Let's see what this address is by examining the core dump with gdb:
As we can see, this address is the start of our buffer, so we can put our shellcode at this address and execute it. Now compute the size of the buffer:
where 8 is the size of the return address. Now we can put all this information in a script:
and run it:
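For the checksec step at the start of this writeup, here is an added example (not part of the original post, and not checksec's own code) of the ELF header fields such a check reads, which is where a build with NX, PIE, RELRO and stack canaries differs from a binary with nothing enabled. The function names and both sample images are constructed for illustration. It simplifies in three ways: PIE is inferred from `ET_DYN`, the canary from a string search, and RELRO is reported as present without telling partial from full.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header, 56 bytes
ET_EXEC, ET_DYN, PF_X = 2, 3, 0x1
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552

def protections(data: bytes) -> dict:
    """Report header-level mitigations of a little-endian ELF64 image."""
    if len(data) < EHDR.size or data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    hdr = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    if e_phnum and (e_phentsize < PHDR.size
                    or e_phoff + e_phnum * e_phentsize > len(data)):
        raise ValueError("program header table out of bounds")
    segs = {}
    for i in range(e_phnum):
        p_type, p_flags = PHDR.unpack_from(data, e_phoff + i * e_phentsize)[:2]
        segs[p_type] = p_flags
    return {
        # A missing PT_GNU_STACK is reported as NX disabled here.
        "nx": PT_GNU_STACK in segs and not segs[PT_GNU_STACK] & PF_X,
        "pie": e_type == ET_DYN,                 # heuristic: .so files match too
        "relro": PT_GNU_RELRO in segs,           # partial vs full not checked
        "canary": b"__stack_chk_fail" in data,   # heuristic: symbol name present
    }

def sample_elf(e_type, stack_flags=None, relro=False, extra=b""):
    """Build a constructed image holding headers only (no code, not runnable)."""
    phdrs = []
    if stack_flags is not None:
        phdrs.append(PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16))
    if relro:
        phdrs.append(PHDR.pack(PT_GNU_RELRO, 4, 0, 0, 0, 0, 0, 1))
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs) + extra

# Constructed stand-ins, not the real challenge file: one with every
# mitigation off (as checksec reported above) and one hardened build.
UNPROTECTED = sample_elf(ET_EXEC, stack_flags=7)            # RWX stack
HARDENED = sample_elf(ET_DYN, stack_flags=6, relro=True,
                      extra=b"__stack_chk_fail\0")          # RW stack

if __name__ == "__main__":
    for name, img in (("unprotected", UNPROTECTED), ("hardened", HARDENED)):
        print(name, protections(img))
```

With a non-executable stack alone (`nx` true), bytes written into the buffer can no longer be run as code, which is the property this challenge depends on being absent.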