Skip to content

My solution to the BFS Ekoparty Exploitation Challenge

Notifications You must be signed in to change notification settings

patois/FancyVote

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

FancyVote

My solution to the BFS Ekoparty Exploitation Challenge.

See https://labs.bluefrostsecurity.de/blog/2017/08/02/bfs-ekoparty-exploitation-challenge/

Placing a conditional breakpoint at 0x13F4913D7 (as shown below) suspends the process the moment the instruction pointer RIP is taken control of, having bypassed the stack cookie check and the payload set up on the stack already. The payload then causes the process to jump into a call to system(), then to return to the vulnerable function, bypassing the stack cookie once more before it finally jumps into ROP payload that adjusts the stack pointer by applying funky patches directly to the stack.

Conditional breakpoint Payload

About

My solution to the BFS Ekoparty Exploitation Challenge

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages