| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 |
- Toddler's Bottle
- anti
- Bottle
- writeup
- pwn
- TUCTF
- CANARY
- 2018
- shellcraft
- pico
- BOF
- rev
- string
- Rookiss
- shellcode
- pwnable
- Reverse
- Read
- pwnable.kr
- ASM
- Leak
- picoCTF
- FSB
- CTF
- practicalmalwareanalysis
- format
- reversing
- toddler
- Bug
- PMA
- Today
- Total
제리의 블로그
pwnable.kr leg
leg - 2 pt Daddy told me I should study arm. But I prefer to study my leg! Download : http://pwnable.kr/bin/leg.c Download : http://pwnable.kr/bin/leg.asm ssh leg@pwnable.kr -p2222 (pw:guest) / $ id uid=1000(busy) gid=1000 groups=1000 / $ ls bin dev flag linuxrc root sys boot etc leg proc sbin usr / $ ls -l flag leg -r-------- 1 1001 0 38 Nov 10 2014 flag ---s--x--- 1 1001 1000 636419 Nov 10 201..
요약리버싱 문제로flag 를 base64, rot13, 또 다른 인코딩.이렇게 3단계 인코딩을 거쳐 strcmp로 비교한다.(세번째 인코딩은 uu 인코딩이란다)풀이방법은 gdb script 로 브루트포싱을 했습니다. void __fastcall main(int argc, char **argv, char **env) { size_t len; // rax@4 char *flag; // ST18_8@4 size_t len_; // rdx@4 char *enc1; // rax@4 char *enc2; // rax@4 char *enc3; // ST18_8@4 if ( argc != 2 ) { puts("./dec_dec_dec flag_string_is_here "); exit(0); } len = strlen..
pwnable.kr asm
asm - 6 pt Mommy! I think I know how to make shellcodes ssh asm@pwnable.kr -p2222 (pw: guest)쉘코드를 만드는 문제인가 봅니다.일단 ssh 접속해볼까요? asm@ubuntu:~$ ls -l total 28 -rwxr-xr-x 1 root root 13704 Nov 29 2016 asm -rw-r--r-- 1 root root 1793 Nov 29 2016 asm.c -rw-r--r-- 1 root root 211 Nov 19 2016 readme -rw-r--r-- 1 root root 67 Nov 19 2016 this_is_pwnable.kr_flag_file_please_read_this_file.sorry_the_file_na..