35C3 Junior CTF pwnables
Clone or download
Latest commit d9b88fa Dec 30, 2018
Type Name Latest commit message Commit time
Failed to load latest commit information.
1996 Initial commit Dec 30, 2018
arraymaster1 Initial commit Dec 30, 2018
arraymaster2 Initial commit Dec 30, 2018
poet Initial commit Dec 30, 2018
stringmaster1 Initial commit Dec 30, 2018
stringmaster2 Initial commit Dec 30, 2018
sum Initial commit Dec 30, 2018
README.md Initial commit Dec 30, 2018


35C3 Junior CTF pwnables

Source code and exploits for the 35C3 Junior CTF pwnables.

To recreate the CTF environment with docker enter the challenge directory and run:


For each challenge the files in the respective subdirectory distrib were given.

Note: For some exploits offsets to libc symbols are used. These can change when the libc used in the docker container is updated. Use the following command to retrieve the libc currently used in the docker environment:

docker cp -L <challenge_name>:/lib/x86_64-linux-gnu/libc.so.6 .


We are looking for the poet of the year:

nc localhost 22223

Difficulty estimate: very easy


It's 1996 all over again!

nc localhost 22227

Difficulty estimate: very easy


Eat, sleep, swap, replace

nc localhost 22224

Difficulty estimate: easy


Eat, sleep, swap, replace

This time with more mitigations!

nc localhost 22225

Difficulty estimate: medium


Sum it up!

nc localhost 22226

Difficulty estimate: easy


Would you mind briefly testing our new integer array implementation?

nc localhost 22228

Difficulty estimate: easy - medium


We improved our security with more mitigations.

nc localhost 22229

Difficulty estimate: hard