Category: Pwn Points: 300 Solves: 53 Description:

h3y... can you leave me a note?

For this challenge we were given a binary and the libc used on the server. Up front I should say, I didn't solve this challenge the way it was intended. Other writeups out there will go over the proper way. This writeup goes over my way.

This was an exploit challenge that serves as a nice introduction to the concept of Stack Smashing Protector leaking.

$ file checker 
checker: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/, for GNU/Linux 2.6.24, BuildID[sha1]=93df47896b068ea44ddcd0b97780375cd589987e, not stripped

Category: Forensics Points: 50 Solves: Description:


Is kill can fix? Sign the autopsy file?


In this challenge we get a file named "kill.pcapng". However, running wireshark on will not open it:

This reversing challenge is a good example of how you can solve a problem a few different ways. I initially solved this challenge symbolically (which i believe is the easiest way, actually). However, the challenge can also be solved dynamically which is what the authors intended. I will go over both solutions here.


$ file neophyte_reversing_ccabcc8f0b9900638a75017f2d6dc029 
neophyte_reversing_ccabcc8f0b9900638a75017f2d6dc029: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/, for GNU/Linux 2.6.24, BuildID[sha1]=f382dd94583c7310bc8b3dd538e9e604f5a6ee38, stripped