
PWN

(26)
pwnable.kr / crcgen This post is protected.
ASIS CTF 2020 / shared_house I'll move the write-up to the blog later...
Structure for Kernel heap exploit https://ptr-yudai.hatenablog.com/entry/2020/03/16/165628 https://duasynt.com/blog/linux-kernel-heap-spray
ASIS CTF 2020 / tthttpd #Find bug It is a simple HTTP server written in C. There are two simple vulnerabilities. 1. Stack overflow The length is not verified when receiving input from the client, so a stack overflow occurs. int __fastcall readline(_BYTE *buf) { int result; // eax _BYTE *i; // [rsp+18h] [rbp-8h] for ( i = buf; ; ++i ) { result = fgetc(stdin); if ( (_BYTE)result == -1 ) break; if ( (_BYTE)resu..
Multiple vulnerabilities in radare2-extras / Fixed This post is protected.
2020 PWN2WIN / tukro #Summary A sends a message to B. B deletes the message. UAF(Use-After-Free) occurs when A reads or modifies a message sent to B. You can do RCE using House of Orange. The solution of this problem is extremely similar to the 300 from 34c3. https://github.com/DhavalKapil/ctf-writeups/blob/master/34c3ctf-2017/300/exploit.py #Find Vulnerable This function sends a message to another user. Users can o..
2020 DawgCTF / trASCII keyword : ascii only shellcode # analysis bug int compact() { size_t v0; // eax int i; // [esp+4h] [ebp-54h] signed int v3; // [esp+8h] [ebp-50h] size_t v4; // [esp+Ch] [ebp-4Ch] char s[72]; // [esp+10h] [ebp-48h] memset(s, 0, 0x40u); puts("What garbage do you have for us today?"); fgets(trash, 10000, stdin); v4 = strlen(trash); if ( !v4 ) { puts("You didn't enter any trash :("); exit(-1); } tra..
HackCTF/ Unexploitable #4 Someone asked me about this, so I took a quick look, and a somewhat novel(?) solution came to mind, so I'm writing it down. I try not to write wargame write-ups when I can avoid it, but since everyone publishes write-ups for this site, I'll just write it. ➜ unexploitable checksec ./Unexploitable_4 [*] '/home/jjy/lab/hackctf/unexploitable/Unexploitable_4' Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: NX disabled PIE: No PIE (0x400000) RWX: Has RWX segments As the title suggests, this challenge seems to be derived from pwnable.kr's unexploitable. Write the address of bss into rbp, then lea rax,[rbp..