Proj 13x: 64-Bit Remote Buffer Overflow with ASLR (25 pts.)

What You Need

A 64-bit Linux machine, real or virtual.

Challenge: Remote Server with ASLR (25 pts.)

To connect to the server, in a Terminal window, execute this command:

nc 13010
If you'd like a local copy of the server program to analyze, use these commands:

curl > p13x.c

curl > p13x
Exploit this process and get a shell on the server. Then put your name in this file:

Create this file:

After one minute, your name will appear on the WINNERS page here:


If your exploit fails, it might be that the port is in use. You can check the local network connections at this page:

That page is updated every 5 seconds.


  • There are ten identical listening processes, on ports 13010 through 13019. Each process is automatically killed and restarted each minute.
  • ASLR is enabled--you must write a script that reads the pointer, calculates the correct attack code, and sends it immediately.
  • There is no firewall, so a simple port binding attack will work.

Saving a Screen Image

Make sure YOUR NAME (or an alias) is visible on the WINNERS page.

Capture a full-screen image.


Save the image with the filename "YOUR NAME Proj 13x", replacing "YOUR NAME" with your real name.

Turning in your Project

Email the images to with the subject line: Proj 13x from YOUR NAME
Posted 10-17-15 by Sam Bowne
Revised 11-4-15