제리의 블로그

TUCTF 2018 PWN shella-easy $ ./shella-easy Yeah I'll have a 0xff81fcb0 with a side of fries thanks 프로그램을 실행시켜보면 오프셋을 보여준다. int __cdecl main(int argc, const char **argv, const char **envp) { char s; // [sp+0h] [bp-48h]@1 unsigned int v5; // [sp+40h] [bp-8h]@1 setvbuf(stdout, 0, 2, 0x14u); setvbuf(stdin, 0, 2, 0x14u); v5 = 0xCAFEBABE; printf("Yeah I'll have a %p with a side of fries thanks\n", &s)..

picoCTF 2018 can-you-gets-me Binary Exploitation 요약바이너리가 static compile 되어있어서 ROP gadget 모으기 수월하다.입력받는 함수는 gets로 입력 길이 제한이 없다. DescriptionCan you exploit the following program to get a flag? You may need to think return-oriented if you want to program your way to the flag. You can find the program in /problems/can-you-gets-me_2_da0270478f868f229487e59ee4a8cf40 on the shell server. Source. 플래그를 얻..

horcruxes - 7 pt Voldemort concealed his splitted soul inside 7 horcruxes. Find all horcruxes, and ROP it! author: jiwon choi ssh horcruxes@pwnable.kr -p2222 (pw:guest) horcruxes@ubuntu:~$ ls -l total 20 -rwxr-xr-x 1 root root 12424 Aug 8 07:16 horcruxes -rw-r--r-- 1 root root 131 Aug 8 07:16 readme horcruxes@ubuntu:~$ cat readme connect to port 9032 (nc 0 9032). the 'horcruxes' binary will be e..