App - System

Tuesday 25 September 2018, 10:27  #1
App - System - Information Leakage with Stack Smashing Protector discussion after solving the challenge
realyc
  • 1 posts

[!!!SPOILER ALERT!!!]
[!!!SPOILER ALERT!!!]
[!!!SPOILER ALERT!!!]

So I solved the challenge earlier than I expected. I didn’t think that the password would just be written as plaintext in the ELF image. I was expecting to be able to dump some .text contents of the binary, and then build a ROP chain out of imperfect data (since some bytes can’t be retrieved due to the server delimiting the input by whitespace). How challenging would it be if that were what we had to do?

The binary seems dynamically linked and the ASLR re-randomizes per connection, so any gadgets in the dynamic libraries seem useless. Because we use dynamic linking, I would also suspect that there aren’t many gadgets in the main executable. So if this challenge required us to actually build a ROP chain, how difficult do you think that would be?