Cyber Training Guide

constrained

Writing shellcode, but we're limited on space.

Last updated 1 year ago

Category: shellcodes (0x2) Points: 50

Description

Sometimes you have to work in tight spaces... can you still manage to pop the shell? nc vunrotc.cole-ellis.com 2200

This is a 32-bit shellcode where the user is provided the address of the buffer.

Flag

flag{shellstorm_is_really_useful}

Solution

Your solution from the shell challenge works here if you use Shellstorm 811 for your shellcode. The buffer, though small, is still large enough to hold the entire shellcode. Change the return pointer, and you'll pop a shell!

Attachment: constrained.zip (3KB archive)