
Bad Memories -v0.9- -recreation- Now

    (gdb) call ((void(*)(char*))0x401456)(0x6020a0+8)

Or simply:

    [0x00401234]> afl | grep secret
    0x00401456 sym.secret_function

Disassemble secret_function:

    strings core.dump | grep -i ctf

Returns:

    Bad Memories -v0.9- -recreation-

But it's never called normally. The challenge name "Bad Memories" plus the -recreation- suffix hints that we need to force a use-after-free (UAF) to redirect execution to this function. Examine heap chunks in the core dump.

Check with radare2:

Using gdb with the core file:

    gdb -c core.dump
    (gdb) dump memory recovered.bin 0x400000 0x401000 # typical .text section

But better: use volatility (if full memory dump) or memdump from /proc/pid/maps style.

In GDB, call the overwritten function:

    #include <stdio.h>
    #include <string.h>

    void secret_function() {
        char flag[64];
        FILE *f = fopen("flag.txt", "r");   /* open the flag file */
        fread(flag, 1, 64, f);              /* read up to 64 bytes */
        flag[strcspn(flag, "\n")] = 0;      /* cut at the first newline */
        printf("Flag: %s\n", flag);
    }

Also found references to malloc, free, heap, and flag.txt. Since only the core dump was given (no original binary), we need to recreate the binary or at least its memory layout.
