HARD CHALLENGE • 500 POINTS

Real Vortex-OTP Exploitation

REAL BUFFER OVERFLOW EXPLOITATION: Exploit a vulnerable C network service running on port 9999. Chain buffer overflow and ROP gadgets to achieve remote code execution and capture the flag. This is a real exploitation challenge requiring knowledge of buffer overflows, ROP chains, and network exploitation.

Service Control
Vortex-OTP Service: OFFLINE

REAL EXPLOITATION REQUIRED

This challenge runs a real vulnerable C program on port 9999. You need to write an actual exploit using Python or other tools. The service is compiled with NO PROTECTIONS: No stack canary, no ASLR, NX disabled.

Exploitation Guide

Vulnerability

  • Buffer overflow in strcpy()
  • 256-byte buffer, no bounds checking
  • Offset to return address: 264 bytes
  • secret_function at: 0x401216

Required Tools

  • Kali Linux or similar
  • Python3 with pwntools
  • netcat (nc)
  • gdb for debugging

Target Info

  • IP: localhost
  • Port: 9999
  • Protocol: TCP
  • Flag format: FLAG{...}
Exploitation Terminal
$ ./vortex-server
[*] Starting Vortex-OTP Server v2.1.3
[*] Compiled: gcc -fno-stack-protector -z execstack -no-pie
[*] Listening on port 9999
[*] Server ready. Waiting for connections...
Testing Ground
Test output will appear here...
Flag Submission

After successfully exploiting the vulnerable service, you should receive a flag. Enter it below to complete the challenge. Expected format: FLAG{V0RT3X-R34L-B0F-3XPL01T}