shellstraction initial push

.gitignore

@@ -2,3 +2,4 @@
 .DS_Store
 .vscode
 .ctf
+.gdb_history

challs/shellstraction/Dockerfile

@@ -0,0 +1,17 @@
+FROM ubuntu:18.04
+
+EXPOSE 1337
+
+RUN export DEBIAN_FRONTEND=noninteractive && \
+    apt-get -y update && \
+    apt-get -y install socat coreutils
+
+COPY chall/flag.txt /
+COPY chall/app /
+
+RUN chmod 555 /app && \
+    chmod 444 /flag.txt
+
+CMD socat -T 30 \
+    TCP-LISTEN:1337,nodelay,reuseaddr,fork \
+    EXEC:"stdbuf -i0 -o0 -e0 /app"

challs/shellstraction/README.md

@@ -0,0 +1,16 @@
+# Shellstraction
+
+This is a simple interctive shell written by Red_Epicness and improved and worked upon by AlwaysGuilty. 
+
+There are 2 intended vulnerabilities built in.\
+If we take a look in the `touch` command, there is a local variable `signed char offset`. By overflowing it, we can control the `guard` global variable. That allows us to execute code inside `eton` function. This is where a simple double free can be performed.
+
+## Compiling From Source
+
+`gcc -fstack-protector -o chall/app chall/app.c`
+
+## Solution
+
+Solution in [sol.py](sol.py)
+
+Flag: `dctf{D035_4nyb0dy_l1st3n_T0_Ur14h_He4p_1093875hv914387v}`