Welcome to Exploitation challenges

The binaries that you have to exploit are provided in the VM under the folder "challenges".
Link to VM

The vulnerability is obvious in almost all challenges so that the focus is on exploit development.
Some challenges may appear impossible but they are exploitable.
You are required to use the type of shellcode specified to consider the challenge as completed.
Hardcoding stack address is allowed unless explicitly prohibited in the challenge description.

Prepare yourself to bypass guards, break some windows, close the blinds, use your feng shui and jump ROPe your way through these challenges.

The application accepts the following commands "open", "store", "retr", "clear", "close" as input from the command line and executes them. The application can also pick up and execute commands from C:\commands.txt" if the file exists.
Stack in the below description is implemented by the program and does not refer to process stack.

Commands	Operation
open <string>	Creates an object for Class conn and calls the constructor with the provided string as argument Constructor: 1. Allocates memory for the provided string 2. Copies the provided string to the newly allocated memory 3. Pushes the allocated string in the stack.
store <string>	Allocates memory for the provided string Copies the provided string to the newly allocated memory Calls set member function with allocated string as argument Set function: 1. Pushes the allocated string in the stack
retr	Calls the get member function Get function: 1. Returns the top member of the stack. It does not pop the element out of stack
clear	Calls the clear member function Clear function: 1. Gets the top member of the stack 2. Frees the memory of the top member using .free. 3. Pops the top member out of the stack
close	Frees the "conn" object

Filename: exp-c7.exe
Constraints:
- Payload: No hardcoded stack/heap memory addresses
- Shellcode: Bind shell

Useless Hint: Use after free