Simple Format (125 pts) no soln
Tic Tac Toe (200 pts) no soln
Two's Compliment (250 pts) no soln
Little Boi (275 pts) no soln
Unionized (275 pts) no soln
Simple Format Returned (350 pts) no soln
An Attempt Was Made (400 pts) no soln
Hookless (400 pts) no soln
Sequential Shellcode (425 pts) no soln
DOS Protection (450 pts) no soln
INTerruption (500 pts) no soln
Filters (550 pts) no soln
Houses Or Something (750 pts) no soln
I seem to have forgotten my flag ... Can you guess it for me? I get pretty forgetful of what I type so I made sure to always remind myself if I make a mistake so I don't send the same data twice.
The service is located at
host1.metaproblems.com 5470. You can use a tool likencornetcatto access it.Here's the compiled binary.
Hint: %s is a useful format indeed, but are there other ways to display data as well?
I made this super impressive Tic Tac Toe application; it will tell you who won a match. Don't you think that is amazing? I'm hosting it at
host.cg21.metaproblems.comon port3120if you want to test it out. Here I'll even give you the source code to try it out yourself if you would like!No brute force is needed, the solution should work everytime!
Seven ate six
After seven ate six, it thought to itself, "After I ate nine my mouth felt numb, but this time it's even number".
nc
host1.metaproblems.com 5480
With a program this small, there isn't a chance you can find an exploit... right? Here's the Little Boi.
host1.metaproblems.com 5460Note: No data is printed to start this challenge, and the Segmentation faults are part of the challenge
Why didn't anyone tell me about the magic of Unionized when I first started programming? I could have saved so much memory with these nifty things, don't you think? Here, try my application and tell me what you think
host.cg21.metaproblems.com:3150.
Hey so it turns out that I actually left my other flag on the server... Would you mind getting it for me? Don't you remember how easy the last one was, this can't be much worse can it?
nc host1.metaproblems.com 5470The hint may be off by a factor and a half or so, I believe docker isn't given us a fair chance after all
HaHaHa I have removed your foolish rop gadgets, now what are you going to do?
Take this you are going to need this file
nc host.cg21.metaproblems.com 3030Sidenote: This libc is borked for anything besides challenges :P
I seem to have lost my hooks, do you think you can find a way for me that doesn't use them?
I set up an instance for you to show me the way
host.cg21.metaproblems.com:3260
Create some shellcode to get the flag, easy, right?
The binary can be found hereThe service can be found at
host.cg21.metaproblems.com:3340
I designed a custom DOS protection, not sure why everyone doesn't just do it this way?
Why is six scared of seven?
See if you can get this app to execute shellcode and give you the flag. The binary has been patched to run with this libc and ld.
host1.metaproblems.com 5450
With this many filters there is no way you will be able to run anything useful
nc host.cg21.metaproblems.com 3070
The Banana looked tempting but Emma stopped me and I decided to copy her instead.
nc host.cg21.metaproblems.com 3010