Midv699 New! Full «Trusted»

| Issue | What it allowed | Fix (if you were the developer) |
|-------|-----------------|---------------------------------|
| into a 64‑byte stack buffer | Arbitrary overwrite of saved RBP and RIP → full control of execution flow. | Use fgets with a proper length check, or read with the exact buffer size. |
| No Stack Canary | No detection of stack corruption. | Enable -fstack-protector-strong (or at least -fstack-protector). |
| Partial RELRO (GOT entries writable) | Allows overwriting the GOT entry for puts after leak (though not needed here). | Use full RELRO (`-Wl,-z

| # | Section |
|---|---------|
| 1 | Challenge Overview |
| 2 | Environment Setup |
| 3 | Static Analysis |
| 4 | Dynamic Analysis |
| 5 | Vulnerability Discovery |
| 6 | Exploit Development |
| 7 | Getting the Flag |
| 8 | Mitigations & Lessons Learned |
| 9 | Full Exploit Source Code |
| A | References & Tools |

The binary also contains the following:
