| theme | class | highlighter | fonts | ||||||
|---|---|---|---|---|---|---|---|---|---|
default |
text-center |
MaskRay |
|
In this write-up I will discuss how I managed to solve the challenge "babystack" from 0ctf with a technique called return to dl-resolve. I did not know this kind of return-to attack before the contest. In the following sections a detailed explanation of the entire exploit will be presented.
I downloaded the provided binary babystack and quickly fired up binaryninja alongside with gdb to analyze it. I quickly realized a buffer overflow vulnerability is present within sub_804843b.
My first approach was to solve this challenge using a return-to-libc attack by leaking the base address of the library and call system in order to get a shell.
This technique is contingent on:
- Leaking libc base address
- Knowing the version of libc to get the offset of
system.
However, the version of libc on the remote server was unknown and the ELF did not provide any function that can be us
RichardBronosky
/ README.MD
Last active
April 26, 2025 17:38
cb - A leak-proof tee to the clipboard - Unify the copy and paste commands into one intelligent chainable command.
This script is modeled after tee (see [man tee][2]) and works on Linux, macOS, Cygwin, WSL/WSL2
It's like your normal copy and paste commands, but unified and able to sense when you want it to be chainable.
This project started as an answer to the StackOverflow question: [How can I copy the output of a command directly into my clipboard?][3]