Letssplitturtles.part02.rar Apr 2026

For a deep dive into the specific assembly and memory offsets used in this exploit, you can view the full technical breakdown on nickcano.com .

: The first 16 bytes of the payload were used to point the RDI register toward a "slack" space in memory. LetsSplitTurtles.part02.rar

: By placing a magic_gadget address at a specific offset ( +0x60 ), the program was forced to execute the desired shellcode or function when it attempted to traverse to the "next" turtle. Execution & Debugging For a deep dive into the specific assembly

: A 64-byte ( 0x40 ) buffer of null bytes provided a safe landing zone for the program's internal processing. Execution & Debugging : A 64-byte ( 0x40

The exploit was verified using to step through the turtle traversal logic. A critical finding during this phase was that the RBP (Base Pointer) register did not land at the expected offset, requiring a slight adjustment to the slack space to ensure the magic gadget was reached successfully.

This write-up covers the second part of the challenge from CSAW CTF, focusing on the exploitation of a recursive data structure to achieve code execution. Challenge Overview