Skip to content
/ FancyVote Public

My solution to the BFS Ekoparty Exploitation Challenge

2 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

patois/FancyVote

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
README.md
README.md
 
 
bfs.zip
bfs.zip
 
 
condbpt.png
condbpt.png
 
 
fancyvote.py
fancyvote.py
 
 
fv.gif
fv.gif
 
 

Repository files navigation

FancyVote

My solution to the BFS Ekoparty Exploitation Challenge.

See https://labs.bluefrostsecurity.de/blog/2017/08/02/bfs-ekoparty-exploitation-challenge/

Placing a conditional breakpoint at 0x13F4913D7 (as shown below) suspends the process the moment the instruction pointer RIP is taken control of, having bypassed the stack cookie check and the payload set up on the stack already. The payload then causes the process to jump into a call to system(), then to return to the vulnerable function, bypassing the stack cookie once more before it finally jumps into ROP payload that adjusts the stack pointer by applying funky patches directly to the stack.

Conditional breakpoint Payload

About

My solution to the BFS Ekoparty Exploitation Challenge

Topics

challenge exploit rop exploitation ekoparty

Resources

Readme
Activity

Stars

2 stars

Watchers

4 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages