CyberYoddha 2020 Write-Up
This event is event that for beginner, so it will teach you some basic to intermediate challenge and will teach you new method and new understanding about some security awarenes, this event start from 30th October to 1th November.
I play this event with my friends, you can check his blog here.
In this challenge we just need to read and understand about python list to get the flag.
you just need to ordered the password list from 0 and we got the flag.
In this challenge if you read and analyze the source code, you’ll understand we just need to input string
as the input, and i add print command in line 15 to print our input which already processing.
As you can see, in line 13 there’s string wich is base64 encode, and look at line 8 there’s doing looping and xor for each char and xor it with 0x55, so first you need to decode string on line 13, and do it xor with 0x55 as the key, i use cybercheff to make it simple, at least i understand what is it doing and how it work.
In this challenge we need to overflow return address and control the program flow execution to execute function run_shell wich is will give us shell.
I open it using gdb and add breakpoints in the end of main function
run it and input a bunch of “A”
as you can see on register EIP value is AAAA that is our input and that mean we success overflow the return address, wich we want it to run_shell address, so here’s my exploit
If you download the source code and read it
you will know that we need to overflow variable vuln with values 0xd3adb33f. then we will got shell, in this challenge we don’t need to find buff to overwrite variable vuln, because it declared side by side, so we just need to write 16 buff and hex target, here’s my exploit