`#`CONTENT

`#`TOP

776 KiB2024-04-10 03:03

162 KiB2024-04-10 03:03

602 KiB2024-04-10 03:03

507 bytes2024-04-10 03:03

`#`linker-as-a-service

Turing complete relocations are fun and all, but you can use them to pop a shell?

nc chal.amt.rs 1342

unvariant <- author pwn <- category 500 <- points 1 <- solves hard <- difficulty

`#`solution

add /proc/self/exe as a dynamic dependency
- allows the binary to be loaded at a relative offset to linker
use relocations to modify linker state to get rce

`#`unintended

none :D