In this picoCTF 2026 writeup for Echo Escape 2, we exploit a 32-bit binary that is vulnerable to a buffer overflow caused by a misconfigured fgets call. We use GDB and a cyclic pattern to calculate the exact offset needed to overwrite EIP (the instruction pointer). Finally, we write a custom Python script using Pwntools to hijack the execution flow, execute a classic Ret2Win attack to call the hidden function, and capture the flag.
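The bug class named above and its fix, as an added example (not the challenge's source and not code from the video). It assumes the misconfiguration is an fgets size argument larger than the destination buffer; `NAME_CAP`, `read_line_bounded` and the sizes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 32  /* constructed buffer size, not taken from the challenge */

/* Vulnerable pattern (kept as a comment so it is never compiled in):
 *     char name[NAME_CAP];
 *     fgets(name, 128, stdin);   // limit exceeds the buffer: up to 127 bytes
 *                                // go into a 32-byte array and run over the
 *                                // saved registers and the return address
 */

/* Hardened read: the limit passed to fgets is the destination's real capacity.
 * Returns the stored length, or -1 on EOF/error. *truncated is set when the
 * input line was longer than the buffer; the excess is drained so it cannot
 * spill into the next read. */
int read_line_bounded(FILE *in, char *dst, size_t cap, int *truncated)
{
    *truncated = 0;
    if (cap == 0 || fgets(dst, (int)cap, in) == NULL)
        return -1;

    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {
        dst[--len] = '\0';              /* complete line: strip the newline */
    } else {
        int c;                          /* no newline: line too long, or EOF */
        while ((c = fgetc(in)) != '\n' && c != EOF)
            *truncated = 1;             /* at least one byte was discarded */
    }
    return (int)len;
}

int main(void)
{
    char name[NAME_CAP];
    int truncated;
    /* sizeof name keeps the limit tied to the array if its size ever changes */
    int n = read_line_bounded(stdin, name, sizeof name, &truncated);
    if (n >= 0)
        printf("read %d bytes%s\n", n, truncated ? " (input truncated)" : "");
    return 0;
}
```

Compiler and linker hardening (stack canaries, PIE with ASLR) raises the cost of a Ret2Win-style overwrite, but the bounded read is what removes the overflow itself.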
Links & Resources
Challenge: https://play.picoctf.org/practice/challenge/736
Tools Used: GDB (pwndbg), Pwntools, Python
Video Chapters
00:00 Introduction to Echo Escape 2
00:39 Binary Security Analysis (checksec)
01:48 Source Code & Stack Overflow Explained
04:11 Finding the 'win' Address in GDB
05:20 Calculating the EIP Offset with Cyclic
08:14 Writing the Pwntools Exploit Script
10:44 Exploit Execution & Flag Capture
11:10 Mitigation Strategies & Outro