Binary exploitation and reverse engineering challenges from the COlicyber practice track.
More Private Club — Simple ret2win Buffer Overflow
Overflow a stack buffer to overwrite the return address with a known win function address, then trigger it.
Inject a 4-byte stub shellcode that calls read to pull a full shell payload into the same buffer, then jump to it — bypassing the initial 4-byte size constraint on the first write.
Trigger a heap allocation that the binary prints, compute the shellcode landing address at heap+96, then overflow the stack with that return address followed by shellcode to get a shell.
Pass a negative quantity to an unsigned arithmetic check, causing integer underflow that bypasses a balance validation and grants access to a premium item.
Overwrite the canary’s null byte to leak the full 8-byte cookie over printf, simultaneously leak a saved RBP to base the stack, then use puts@got to find libc base and call system('/bin/sh') — all in two trips through the same vulnerable function.