The HTB machine ‘Cyber Apocalypse 2024 — Pet Companion’ involves a binary with a buffer overflow vulnerability. The binary has no stack canary and no PIE, but it does have full RELRO.
The overflow is reached through a read function that takes user input: the buffer holds 64 bytes of data and is followed by the 8 bytes of the saved RBP, so 64+8=72 bytes sit in front of the saved return address.
This can be exploited by overwriting the return address to execute shellcode, using Return-Oriented Programming (ROP) to call the write and read functions in libc, execute ‘/bin/sh’ and gain shell access.
The PLT and GOT are also explained, both how they function and why they are relevant to the exploit.
The provided Python script uses pwntools to exploit the vulnerability and read the flag.