HKCERT24 - Flag Hasher

As this chall already has [an official writeup](https://hackmd.io/@blackb6a/hkcert-ctf-2024-ii-en-07128acbc80dd0a4#Pwn-Flag-hasher), please consider this page as some notes on making the payload.

1 - Looping the connection index for a linear lookup of the memory's contents: a while loop checks if an error occurs and, if it occurs, stops for some time before reconnecting.

2 - Converting the received hash: pretty straightforward, but there are some pitfalls to avoid due to Python's handling of the bytes type:...

November 9, 2024 · 2 min · qt1b

buckeye2024 - pwn / runway3

Challenge’s files PWN (beginner) - runway3 a look at canaries, stack alignment and basic This is the last challenge tagged for beginners. We are given both the binary and the source code. By running file on the binary: By using checksec on the binary, we can see the following: Arch: amd64-64-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x400000) What matters here is that a canary is found in the binary....

October 3, 2024 · 8 min · qt1b

pwntools cheatsheet

Links: Complete Cheatsheet w/ examples, Official Doc

Binaries: `p = process('/binary')`; `e = ELF('./binary')` creates an ELF object, allowing you to access symbols, addresses…; `rop = ROP(e)`

Dealing with Network (Netcat): When you’re given a `nc <address> <port>` command, its equivalent is `r = remote(address, port)`

Strings != Bytes (pwntools reference): To convert a string to a Bytes array, do `s.encode('charmap')`, with `s` your string.

1 min · qt1b