My friend is in my D&D campaign – could you get me his character name? He administrates this site.
This challenge is a very simple SQL injection, asking for the character name.
I can’t figure out how to read the flag 🙁 ssh to 126.96.36.199
The secure_reader program can read the flag, but can only be invoked from the reader program.
Question: Where does The Plague hide his money?
This question is clearly a reference to the movie Hackers, we’ve immediately watched the movie on youtube and skipped to the referenced part in the NSA interview room scene.
This is a very simple network service which will overflow a stack buffer if you send it too much data. The stack is non-executable, which we can get around using Return-Oriented Programming (which is pretty much given away by the challenge name of course). Then the only tricky bit is that ASLR is enabled, which means that libc (which contains all of the interesting functions like system()) will be at a different address each time we connect.