TryPwnMe Two

I heard that you wanted to practice Exploit Development. Well, I'm the Blizzard Bear, the master-pwner of the Frosty Five team, and I have some challenges for you to practice. Can you beat me and crack your way into this room? 

The below tasks contain intermediate Exploit Development challenges. If you are already familiar with concepts like Buffer Overflows, Assembly, and Exploit Development in general, these challenges may fall into the medium category in terms of difficulty. On the other hand, it can be a bit more challenging if you are not familiar with these concepts. In case you don't know where to start, you can begin by getting familiar with tools and concepts like: 

• GDB  (opens in new tab)or any Linux debugger of your choice
• Pwntools (opens in new tab)
• Basics of Assembly
• Buffer Overflows

It is also recommended, but not required, to first solve TryPwnMe One. These challenges are good for practicing the basics of Exploit Development and are good if you want to learn Binary Hacking. 

Instructions

Start the challenge by clicking on the Start Lab Machine button at the top of this task. Follow the instructions for each task and work with the associated file, remote IP, and port number. You must develop an exploit and read the content of flag.txt on the remote service.

The files needed to complete this challenge are accessible from the AttackBox in the /root/Rooms/TryPwnMeTwo/ directory. If you prefer to work on your local VM, download the necessary files in the next task.

The challenges in this room are running  Ubuntu, so there will be stack alignment issues. Make sure to add a ret gadget to solve it if needed.

Have some pwn (fun)!