BRAINFUCK: Interpreter Exploit

ADVANCED, 500 POINTS
DESCRIPTION
A Brainfuck interpreter runs with a data tape. Nothing stops the tape pointer from moving left, off the tape and into process memory, which gives arbitrary read/write.

Exploit chain:
1. Move the tape pointer left into the GOT section with < operators.
2. Use . to leak the puts() address from the GOT and compute the libc base.
3. Compute system() = libc_base + offset.
4. Use , to write the system() address over putchar@GOT.
5. When the interpreter calls putchar, it calls system("/bin/sh") instead.
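The bounds check whose absence makes this bug possible, shown in corrected form as an added example (it is not the challenge's bf.c, which this page does not reproduce). The tape size, the name bf_run, the status codes and the loop-free command subset are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TAPE_SIZE 1024  /* assumed tape length, not taken from bf.c */
enum bf_status { BF_OK = 0, BF_ERR_BOUNDS = -1, BF_ERR_IO = -2 };

/* Run a loop-free Brainfuck program on a private tape. The cell position is
 * kept as an index so every move can be range-checked before it happens. */
enum bf_status bf_run(const char *prog, const unsigned char *in, size_t in_len,
                      unsigned char *out, size_t out_cap, size_t *out_len)
{
    unsigned char tape[TAPE_SIZE];
    size_t pos = 0, in_pos = 0;

    memset(tape, 0, sizeof tape);
    *out_len = 0;
    for (; *prog; prog++) {
        switch (*prog) {
        case '<':   /* refuse to step below cell 0 */
            if (pos == 0) return BF_ERR_BOUNDS;
            pos--; break;
        case '>':   /* refuse to step past the last cell */
            if (pos == TAPE_SIZE - 1) return BF_ERR_BOUNDS;
            pos++; break;
        case '+': tape[pos]++; break;
        case '-': tape[pos]--; break;
        case '.':   /* output is bounded as well */
            if (*out_len == out_cap) return BF_ERR_IO;
            out[(*out_len)++] = tape[pos]; break;
        case ',':   /* fail cleanly when input runs out */
            if (in_pos == in_len) return BF_ERR_IO;
            tape[pos] = in[in_pos++]; break;
        }           /* any other character is ignored */
    }
    return BF_OK;
}

int main(void)
{
    unsigned char out[8];
    size_t n;
    /* Constructed programs: one well-behaved, one that walks off the left edge. */
    int ok = bf_run("+++.", NULL, 0, out, sizeof out, &n);
    int oob = bf_run("<.", NULL, 0, out, sizeof out, &n);
    printf("in-bounds program: %d, out-of-bounds program: %d\n", ok, oob);
    return 0;
}
```

With the two range checks in place, a program that steps off either end of the tape is rejected before any memory outside the tape is read or written.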
HOW TO CONNECT
SSH into the challenge server:
Host: pwnable.kr
Port: 2222
User: bf
Pass: guest
Command: ssh bf@pwnable.kr -p2222

Tools needed:
pip install pwntools

Analysis:
cat bf.c
checksec ./bf
ldd ./bf
python3 bf_exploit.py
Flags are found on the challenge server after successful exploitation.