Disclaimer: This task is not about pwn/binary exploitation. Please don't try to inject any kind of shellcode, as this is probably not going to help.
One of the students wrote a new, amazing program to accelerate dean's office work at our faculty.
We've already entered all the data into the new program, but we are unable to store them on the hard disk. It turns out that the
savecommand is producing erroneous results. We have to keep the application up and running constantly, because otherwise all the precious student data will be lost.
The program supports the following commands:
add <personalId><name> <surname>- add new student to the database
del <personalId>- delete student by ID
lookup <personalId>- get student's record by ID
save- save records into
students.dat(doesn't work properly)
dump- print all student records (doesn't work either, strange output)
load- load records from
Now it's your turn - we need you to patch the program in memory, so the
savecommand will start working properly and we will be finally capable of making backups.
The task is to be solved by connecting to a remote server. After connecting, you receive a special shell capable of executing two commands (
test). You don't have direct access to the
Replace a byte in process' virtual memory, syntax:
patch <address> <byte>
patch 400AC0 F4
after this command is issued, we will:
- Execute the
savecommand in the application.
- Start the new instance of a program (without your patches).
- Execute the
- Check if everything was loaded correctly.
If you manage to help us, we will reward you with a flag.
nc dziekanat.zajebistyc.tf 30100
The flag format is:
If you have any questions, ask the organisers in person.