SunshineCTF 2025 - Jacksonville

Download the binary here

My go-to process for binary exploitation (pwn) challenges is:

1. Check Security (checksec or the file command)
2. Dogbolt / Ghidra
3. pwntools (see above link)

Step 1: Security

The output of checksec was:

    Arch:     amd64-64-little
    RELRO:    Full RELRO
    Stack:    No canary found
    NX:       NX enabled
    PIE:      No PIE (0x400000)
    RUNPATH:  b'$ORIGIN'
    SHSTK:    Enabled
    IBT:      Enabled
    Stripped: No

The critical values we’re looking for are:

- “Stack” (no canary is good)
- “NX” (NX enabled means we can’t execute instructions on the stack)
- PIE (no PIE means the binary’s functions will be at the same memory addresses every time).

The good news is that we don’t have to worry about stack canaries and if we can find a buffer overflow, then we should be able to return to any function in the program we want. ...
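The same checksec reading from the build side, as an added example that is not part of the original post: it parses the output quoted above and reports which mitigations are weakened and which flag restores each. The function names are hypothetical, and the flags are standard GCC/Clang options assumed here, not taken from the post.

```python
import re

# checksec output as quoted in the post above.
CHECKSEC_OUTPUT = """\
Arch:     amd64-64-little
RELRO:    Full RELRO
Stack:    No canary found
NX:       NX enabled
PIE:      No PIE (0x400000)
RUNPATH:  b'$ORIGIN'
SHSTK:    Enabled
IBT:      Enabled
Stripped: No
"""

# (field, test for "mitigation weakened", consequence, GCC/Clang fix)
# The flags are standard GCC/Clang options, not taken from the post.
CHECKS = [
    ("RELRO", lambda v: not v.startswith("full"),
     "GOT entries stay writable", "-Wl,-z,relro,-z,now"),
    ("Stack", lambda v: "no canary" in v,
     "overflow of a stack buffer reaches the return address unchecked",
     "-fstack-protector-strong"),
    ("NX", lambda v: v != "nx enabled",
     "stack memory is executable", "-Wl,-z,noexecstack"),
    ("PIE", lambda v: v.startswith("no pie"),
     "code is loaded at the same addresses on every run", "-fPIE -pie"),
]

def parse_checksec(text):
    """Parse 'Key: value' lines into a dict; other lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+):\s*(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def hardening_gaps(fields):
    """Return (field, consequence, fix) for each mitigation reported weak."""
    gaps = []
    for name, weakened, consequence, fix in CHECKS:
        value = fields.get(name)
        if value is not None and weakened(value.lower()):
            gaps.append((name, consequence, fix))
    return gaps

if __name__ == "__main__":
    for name, consequence, fix in hardening_gaps(parse_checksec(CHECKSEC_OUTPUT)):
        print(f"{name}: {consequence}; rebuild with {fix}")
```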

12/18/2025 · Me