https://app.hackthebox.com/challenges/460

Description

It’s time to learn some things about binaries and basic c. Connect to a remote server and answer some questions to get the flag.

Solution

Is this a ‘32-bit’ or ‘64-bit’ ELF? (e.g. 1337-bit)

64-bit

What’s the linking of the binary? (e.g. static, dynamic)

dynamic

Is the binary ‘stripped’ or ’not stripped’?

not stripped

Which protections are enabled (Canary, NX, PIE, Fortify)?

NX

What is the name of the custom function the gets called inside main()? (e.g. vulnerable_function())

vuln

What is the size of the ‘buffer’ (in hex or decimal)?

0x20

Which custom function is never called? (e.g. vuln())

gg

What is the name of the standard function that could trigger a Buffer Overflow? (e.g. fprintf())

fgets

Insert 30, then 39, then 40 ‘A’s in the program and see the output. After how many bytes a Segmentation Fault occurs (in hex or decimal)?

40

What is the address of ‘gg()’ in hex? (e.g. 0x401337)

0x401176

Summary

Questionnaire: use the format-string bug for a leak or write, then redirect execution to the flag path.