Official Format Discussion

htbapibot · September 4, 2020, 7:00pm

Official discussion thread for Format. Please do not post any spoilers or big hints.

hur · September 14, 2020, 5:52pm

Any nudges for this one? I have figured out a method to write to memory addresses in the stack but can’t really figure out where/how to get to the flag.

wazKoo · September 15, 2020, 12:34am

anyone know if its possible to write less than2 bytes / 4 digit?
%hn seems to be the smallest

SpaceMoehre · September 20, 2020, 1:54am

I could use a nudge too. I‘ve an idea but fail on writing anything

zeuhl · September 23, 2020, 1:45pm

Hi guys. I think i miss something in this challenge. I leak anything in binary and can write anything anywhere, but i can’t found a solution to manipulate/stop the infinite loop.

ROP failed due to infinite loop.
GOT Rewrite failed too due to Full-Relro.

I have leak the PIE, the canary and the libc base address.
This binary seem to be easy …

Can someone help me ?

Thanks in advance

AlexZander · October 11, 2020, 7:33pm

Feel free to dm me for any doubts.

wxadvisor · November 12, 2020, 11:33pm

Done and Dusted! Thx @ollypwn for fun challenge.

BobbyTab1es · January 8, 2021, 1:42pm

If anyone is interested in exchanging and discussing solutions, please feel free to PM me.

Goz97 · March 17, 2021, 10:35pm

Hello, I managed to “solve the challenge locally”, but when I try to connect to the server it raises an error about a file:
“/home/ctf/run_challenge.sh: line 3: 28 Segmentation fault ./format”

I don’t really believe this is due to my script, has someone experienced the same issue?

synap5e · April 30, 2021, 11:37am

I have a payload that makes the binary generate a reverse shell that works on the one I downloaded, but it doesnt work against the remote.
Anyone able to help?

AlexZander · May 2, 2021, 9:53am

Type your comment> @AlexZander said:

Feel free to dm me for any doubts.

Please contact me on discord for quicker response :- Alex Zander#0764

angryant · July 3, 2024, 5:09am

This challenge already took 5 evenings of my life. I have it successfully working pretty much every time, like other people, but it fails to spawn a shell remotely. Could anyone, who successfully solved it, send an MD5 of libc used? I suspect that the one I figured out is just wrong - I checked all matching versions I found on https://libc.rip/ and still all I get are segfaults.

B1nK1ng · August 22, 2024, 5:58pm

Maybe a bit late. ROP is possible in this challenge u just have to be creative:D

B1nK1ng · August 22, 2024, 5:58pm

Spam it. The intended way may not be very reliable.

Topic		Replies	Views
Official Scanner Discussion Challenges	8	1293	October 27, 2024
Official Restaurant Discussion Challenges	24	5501	September 28, 2023
Official Pentest Notes Discussion Challenges	15	1719	January 16, 2025
Official Oxidized ROP Discussion Challenges	17	3718	May 2, 2024
ropme Challenges	28	5798	June 2, 2021

Official Format Discussion

Related topics