The writeup/walkthrough is already available above in "Download Your Docker Container".

Textbook Walkthrough. Filmed writeups will begin at the end of next week (the quiz asking for the flag will be presented to you once all videos are uploaded).

In this exercise we are going to keep ASLR enabled on your host that is running Docker, so before you start the container, run echo 2 > /proc/sys/kernel/randomize_va_space as root. Then pull the Docker container with the challenges and tools:


sudo docker pull ghcr.io/tanc7/introexploitdev-cobra:latest


We have four methods that we will use to bypass ASLR and obtain a root shell on the system, all of which rely on a ROP chain.


  1. Unused shell functions

  2. Unintentionally hardcoded shell functions left behind by calls to other commands (/bin/date specifically)

  3. Manually overwriting the .data segment with the sh variable using strcpy and then calling system

  4. Manually overwriting the Global Offset Table entry for printf so that it calls system instead


Because gdb-PEDA has not been updated since December 20th, 2020, and has since caused unexplained bugs in our course, we are switching to the gdb-gef (pronounced "Jeff") extension, which also introduces you as a student to a wider range of debugging extensions. Unlike PEDA, GEF is still well maintained and heavily used by CTF players to this day.


The required tools are already pre-installed in your Docker container alongside the vulnerable binaries.