In a chaotic quest to reclaim the Dragon’s Heart, Sir Alaric must confront Lord Malakar, who has cursed villagers into ducks. The solution exploits a coding vulnerability to bypass security measures and execute a ‘duck_attack’ function, using techniques such as buffer overflow and canary leaking.
Affected: villagers, software security, coding practices
Keypoints:
- Sir Alaric aims to defeat cursed villagers who have been transformed into ducks by Lord Malakar.
- The exploit involves inserting “Quack Quack” at specific locations in memory.
- A stack canary is utilized to prevent buffer overflow attacks but can be leaked through the exploit.
- The crafted input consists of a series of ‘A’s, followed by “Quack Quack,” the leaked canary, and the address of the ‘duck_attack’ function.
- Tools such as pwntools assist in creating the exploit for the target architecture.
- The successful execution results in triggering the ‘duck_attack’ function.
- Skills developed from this process include leaking information, understanding buffer overflow attacks, and bypassing security measures.
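Why a leaked canary defeats the protection, as an added example that is not code from the original writeup: a simulated stack frame in C whose buffer size, canary value and addresses are constructed assumptions, not the challenge binary's real layout. It shows the epilogue check aborting on a guessed canary, passing once the correct value is replayed, and the bounded copy that removes the overflow.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated frame; sizes and values are assumptions, not the real binary. */
struct frame {
    char     buf[32];    /* local buffer */
    uint64_t canary;     /* copy of the process-wide canary */
    uint64_t saved_rbp;
    uint64_t ret;        /* saved return address */
};

#define CANARY_SECRET 0x5a17c0de9b3e4f00ULL /* constructed; low byte is 0 */
#define RET_LEGIT     0x401000ULL           /* constructed addresses */
#define RET_OTHER     0x401337ULL

enum outcome { RETURNS_LEGIT, RETURNS_REDIRECTED, ABORTED_BY_CANARY };

/* Copy len bytes over the frame, then run the epilogue canary check.
 * bounded=0 models the unbounded copy; bounded=1 clamps to sizeof buf. */
enum outcome run_frame(const void *input, size_t len, int bounded)
{
    struct frame f = { {0}, CANARY_SECRET, 0, RET_LEGIT };
    if (bounded && len > sizeof f.buf) len = sizeof f.buf;
    if (len > sizeof f) len = sizeof f;  /* keep the simulation memory safe */
    memcpy(&f, input, len);
    if (f.canary != CANARY_SECRET) return ABORTED_BY_CANARY;
    return f.ret == RET_LEGIT ? RETURNS_LEGIT : RETURNS_REDIRECTED;
}

/* Input laid out as filler, canary value, saved rbp, new return address. */
size_t build_input(unsigned char *out, uint64_t canary_value)
{
    struct frame p;
    memset(&p, 'A', sizeof p);
    p.canary = canary_value;
    p.ret = RET_OTHER;
    memcpy(out, &p, sizeof p);
    return sizeof p;
}

int main(void)
{
    unsigned char in[sizeof(struct frame)];
    size_t n = build_input(in, 0x4141414141414141ULL); /* canary unknown */
    printf("guessed canary:       %d\n", run_frame(in, n, 0));
    n = build_input(in, CANARY_SECRET);                /* canary leaked */
    printf("leaked canary:        %d\n", run_frame(in, n, 0));
    printf("leaked, bounded copy: %d\n", run_frame(in, n, 1));
    return 0;
}
```

The canary only protects while its value stays secret, so the durable fix is the bounded copy together with removing whatever over-read discloses the value.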
Full Story: https://infosecwriteups.com/htb-cyber-apocalypse-2025-quack-quack-1775cefc26ae?source=rss----7b722bfd1b8d---4