Tags: stackcanary infoleak 


In this challenge, you can leak the `stack canary` by brute force. The lesson learned is that the `stack canary` is generated at program startup and is reused for every function call in that program. The interesting point is that it is also reused in the `child process` when we use `fork`. Basically, you can brute-force the stack canary one byte at a time, because its value does not change between attempts.
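The property described above can be observed directly. This is an added example, not code from the original writeup or the challenge binary. It assumes Linux, reads the guard from `%fs:0x28` on x86-64 (falling back to the `__stack_chk_guard` symbol on other targets), and its helper names are hypothetical.

```c
/* Added example (assumes Linux): fork() children inherit the parent's canary. */
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read this process's stack-protector guard; its location is ABI-specific. */
#if defined(__x86_64__)
static uintptr_t read_canary(void) {
    uintptr_t v;
    __asm__ volatile("mov %%fs:0x28, %0" : "=r"(v));
    return v;
}
#else
extern uintptr_t __stack_chk_guard;   /* global guard on non-TLS-canary targets */
static uintptr_t read_canary(void) { return __stack_chk_guard; }
#endif

/* Fork once and return the canary value the child observes (0 on error). */
static uintptr_t canary_seen_by_child(void) {
    int fd[2];
    uintptr_t v = 0;
    if (pipe(fd) != 0) return 0;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return 0; }
    if (pid == 0) {                    /* child: report its own guard value */
        close(fd[0]);
        v = read_canary();
        _exit(write(fd[1], &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fd[1]);
    if (read(fd[0], &v, sizeof v) != (ssize_t)sizeof v) v = 0;
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return v;
}

/* Return 1 if every one of n forked children reports the parent's canary. */
static int children_share_canary(int n) {
    uintptr_t parent = read_canary();
    for (int i = 0; i < n; i++)
        if (canary_seen_by_child() != parent) return 0;
    return 1;
}

int main(void) {
    printf("parent canary %#lx, shared by 8 children: %s\n",
           (unsigned long)read_canary(), children_share_canary(8) ? "yes" : "no");
    return 0;
}
```

Running the program twice prints a different canary each time, while all children within one run match the parent. A server that calls `execve` in each worker after `fork` gets a fresh canary per process, which removes the reuse this challenge depends on.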

Original writeup (https://github.com/sajjadium/ctf-writeups/tree/master/WPICTF/2018/ForkerLevel2).