Points: 500
Solves: 0

Disclaimer: This task is not about pwn/binary exploitation. Please don't try to inject any kind of shellcode, as this is probably not going to help.

One of the students wrote a new, amazing program to accelerate dean's office work at our faculty.

We've already entered all the data into the new program, but we are unable to store them on the hard disk. It turns out that the save command is producing erroneous results. We have to keep the application up and running constantly, because otherwise all the precious student data will be lost.

The program supports the following commands:

Now it's your turn - we need you to patch the program in memory, so the save command will start working properly and we will be finally capable of making backups.

Task setup

The task is to be solved by connecting to a remote server. After connecting, you receive a special shell capable of executing two commands (patch, test). You don't have direct access to the dziekanat application.

Command: patch

Replace a byte in process' virtual memory, syntax:

patch <address> <byte>

example usage:

patch 400AC0 F4

Command: test



after this command is issued, we will:

  1. Execute the save command in the application.
  2. Start the new instance of a program (without your patches).
  3. Execute the load command application.
  4. Check if everything was loaded correctly.

If you manage to help us, we will reward you with a flag.

nc dziekanat.zajebistyc.tf 30100

dziekanat.tar.gz 6442

The flag format is: p4{letters_digits_and_special_characters}.
If you have any questions, ask the organisers in person.

You need to login in order to send flags.