Small introduction to ROP and format string

As the title indicates, this is a very small introduction to return oriented programing (ROP) and format strings for people that don't yet know what this techniques are and what they are used for.

This post is meant for people willing to understand what this 2 exploitation techniques are so experts will get bored only seeing the title :).

Defcon 2015 Quals - babycmd writeup

We are given the folowing information and a binary to download:

babycmd_3ad28b10e8ab283d7df81795075f600b.quals.shallweplayaga.me:15491 (Download)

$ file babycmd_3ad28b10e8ab283d7df81795075f600b
babycmd_3ad28b10e8ab283d7df81795075f600b: ELF 64-bit LSB  shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, stripped

$ checksec.sh --file babycmd_3ad28b10e8ab283d7df81795075f600b
RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE
No RELRO        Canary found      NX enabled    PIE enabled     No RPATH   No RUNPATH   babycmd_3ad28b10e8ab283d7df81795075f600b

Running the binary, it provides us with 3 functionalities: ping, host, dig

Defcon 2015 Quals - mathwhiz solution

Category: Baby's First Points: 1

The information given to us:

mathwhiz_c951d46fed68687ad93a84e702800b7a.quals.shallweplayaga.me:21249

After connecting to it we can see it's giving us mathematical operations and he's waiting for the result. The solution is pretty easy. Get the data and pass it to python eval and return the result to the server.

Defcon 2015 Quals - Babyecho Writeup

This write-up is made by boogy of the on_est_pas_contents ctf team

This was an cool challenge which was worth 1 point. But nevertheless we enjoyed solving it. The binary is 32bit and striped: