Tags: pwntools python pwn exploitation
Rating: 5.0
Full writeup here: https://github.com/Ret2Me/WriteUps/blob/main/CTFs/ImaginaryCTF/Speed.md
The program is very simple and vulnerable.
1. The Python program generates C++ code with a random array size, which makes exploitation a little harder.
2. The Python program compiles the procedurally generated C++ code with "-fno-stack-protector" and "-no-pie", which is a big security mistake.
3. The Python program sends the user a copy of the generated program encoded in base64.
4. The Python program runs the compiled C++ code as a subprocess:
   1. The subprocess reads data from user input without any size restriction and stores it in an array, which can cause a buffer overflow.
   2. The subprocess says "Thanks!" and exits.
5. The Python program removes the file from disk.
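As an added example (not the challenge's generated code), here is the hardened counterpart of the unbounded read described in step 4.1: input goes through a heap-backed std::string and is copied into the fixed array with an explicit cap, so oversized input is truncated and reported instead of overflowing the stack. The function names, the 16-byte array and the sample input are constructed for this example.

```cpp
// Added example, not the challenge's own code. The generated program does
// roughly:
//     char buf[N];
//     std::cin >> buf;   // no length limit: longer input overflows buf
// and is built with -fno-stack-protector -no-pie, so nothing catches it.
// A hardened build would use: g++ -fstack-protector-strong -fPIE -pie
#include <cstddef>
#include <cstring>
#include <iostream>
#include <sstream>
#include <string>

// Copies at most cap-1 bytes of `input` into `dst` and always NUL-terminates.
// Returns how many bytes were dropped (0 means the input fit), so a caller
// can log or reject oversized input instead of silently overflowing.
std::size_t bounded_copy(char* dst, std::size_t cap, const std::string& input) {
    if (cap == 0) return input.size();
    std::size_t n = input.size() < cap ? input.size() : cap - 1;
    std::memcpy(dst, input.data(), n);
    dst[n] = '\0';
    return input.size() - n;
}

// Reads one line from `in` into a fixed array of size `cap`. The line lives
// in a std::string (heap, grows as needed), so it can never overrun `dst`.
std::size_t read_line_bounded(std::istream& in, char* dst, std::size_t cap) {
    std::string line;
    std::getline(in, line);
    return bounded_copy(dst, cap, line);
}

int main() {
    // Constructed sample: a 16-byte array fed a 40-byte line.
    std::istringstream fake_stdin(std::string(40, 'A') + "\n");
    char buf[16];
    std::size_t dropped = read_line_bounded(fake_stdin, buf, sizeof buf);
    if (dropped != 0)
        std::cerr << "input truncated by " << dropped << " bytes\n";
    std::cout << "Thanks!\n";
    return 0;
}
```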