New #security #blog post on #SkullSecurity by @iagox86: goto-zero: An extended intro to solving stack overflow CTF challenges, filed under #ctfs

https://www.skullsecurity.org/2024/goto-zero-a-fake-ctf-challenge-to-show-off-something

(Replies here will show up on the blog post)

goto-zero: An extended intro to solving stack overflow CTF challenges

Hey all! My husband’s company recently did an internal (commercial) CTF, and as a CTF nerd I got suckered into helping him. I thought one of the challenges had a pretty interesting solution - at least, something I hadn’t done before - and I thought I’d do a little write-up! Because it’s a commercial CTF, I wrote my own vulnerability binary, which you can grab here. It’s much, much simpler, but has all the components I wanted. They also provided libc.so, but since I’m not actually running the challenge, you can just use your own copy. (Note that I’m running the BSidesSF CTF again this spring, and will probably gussy up this challenge a bit and throw it in - don’t let a good challenge go unwasted!)


@skullsecurity @iagox86 Nice post. For the srand stuff, since I try to avoid patching binaries, I tend to use LD_PRELOAD with a custom library with a nop-srand, or maybe a `rand` that always returns the same value.

This lets you do some extra stuff as well, such as logging every time it's called.
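The LD_PRELOAD shim described in the reply above, as an added example that is not part of the original thread or the blog post. It assumes the challenge binary is dynamically linked against libc and calls `srand()`/`rand()` through the PLT; the pinned return value of 42 and the counter functions are my own choices for illustration.

```c
// fakerand.c: LD_PRELOAD shim that turns srand() into a no-op and pins rand()
// to one value, logging every call to stderr so you can see when the binary
// seeds and draws. Added example, not the blog's or the challenge's code.
//
// Build:  gcc -shared -fPIC -o fakerand.so fakerand.c
// Use:    LD_PRELOAD=./fakerand.so ./challenge
#include <stdio.h>
#include <stdlib.h>

static const int PINNED_VALUE = 42;          /* assumed: pick what the challenge needs */
static unsigned long srand_calls = 0;        /* how many times the binary tried to seed */
static unsigned long rand_calls = 0;         /* how many values it drew */

/* Our definition shadows libc's srand(): the seed is logged and discarded. */
void srand(unsigned int seed) {
    srand_calls++;
    fprintf(stderr, "[fakerand] srand(%u) ignored (seed call #%lu)\n", seed, srand_calls);
}

/* Our rand() always returns the same value, so every "random" canary, offset
 * or key the binary derives from it becomes predictable for the solver. */
int rand(void) {
    rand_calls++;
    fprintf(stderr, "[fakerand] rand() -> %d (draw #%lu)\n", PINNED_VALUE, rand_calls);
    return PINNED_VALUE;
}

/* Accessors for the counters (hypothetical helper names), handy when you want
 * to confirm from a harness that the shim actually intercepted the calls. */
unsigned long fakerand_srand_calls(void) { return srand_calls; }
unsigned long fakerand_rand_calls(void)  { return rand_calls; }
int fakerand_pinned_value(void)          { return PINNED_VALUE; }
```

Because the shim is resolved by the dynamic loader, it only works for dynamically linked, non-setuid binaries; a statically linked challenge, or one that reads `/dev/urandom` directly, needs the patching approach from the post instead.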

@Grazfather @skullsecurity Yup, that's another option! I mostly wanted to demo the technique (and it also saves some trouble since you don't have to remember to set the variable)