List: PIE (2)
Jerry's Blog
TUCTF 2018 PWN ehh

```
Arch:     i386-32-little
RELRO:    Partial RELRO
Stack:    No canary found
NX:       NX enabled
PIE:      PIE enabled
```

```
$ file ./ehh
./ehh: ELF 32-bit LSB pie executable Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=d50965fb2cafc7eb26ecbce94385e870a05d02eb, not stripped
$ ./ehh
>Input interesting text here< 0x5664c028 ease ease..
```
#GDB, #script, #brute, #force, #PIE

mm

Description | Writeup | Scenario | GDB script | FLAG

Description

mm mm

Writeup

```
__int64 __fastcall main(__int64 a1, char **a2, char **a3)
{
  __int64 result; // rax@4
  __int64 v4; // rcx@4
  char s[264]; // [sp+0h] [bp-110h]@1
  __int64 v6; // [sp+108h] [bp-8h]@1

  v6 = *MK_FP(__FS__, 40LL);
  srand(0x17A3u);
  memset(s, 0, 0x100uLL);
  write(1, "Input: ", 7uLL);
  s[read(0, s, 0x100uLL) - 1] = 0..
```