Codegate 2k14 AngryDoraemon (pwnable 250) write up
This is an easy pwnable level but very interesting since there are many ways to exploit it so lets start checking the binary protections: Not bad, ASLR and NX enabled and the stack is protected with a Canary. Lets analyze what does it do … Running the binary opens a socket in port 8888 which we can connect to and receive a menu with options to attack Doraemon: Normally I play with the binary and try to get a crash which is simple in this case, but this time I decided to do some Reversing that payed off very well, I found the following vulnerabilities: