$ ./zerotrust_api
=======================================
Zero Trust Authentication System v2.4
=======================================
Protected Endpoint: /api/v1/verify_token
Memory Protection: NX Enabled, ASLR Active
Stack Canary: ❌ Disabled (Debug Mode)
Buffer Location: 0x7ffc3a8b2d40
Win Function: 0x401216 (admin_bypass)
Enter authentication token: █
🏴 Submit Flag
📚 Challenge Details
📖 Scenario
A Zero Trust API endpoint has been discovered with debug mode enabled. The token verification
function contains a classic buffer overflow vulnerability. Exploit this to bypass authentication and
gain admin privileges.
Learn Return-Oriented Programming (ROP) chain construction
Practice memory address calculation and payload creation
Analyze real-world Zero Trust architecture weaknesses
🔧 Tools Required
GDB
with PEDAPython3
+ pwntoolschecksecROPgadget
💡 Exploitation Hint
The buffer is 64 bytes. You'll need 72 bytes to reach the return address. The win function at
0x401216 will print the flag when called. Remember to account for endianness in your payload.