목록pico (23)

제리의 블로그

Config Console @ pico2017

#FSB, #GOT Overwrite목차DescriptionAnalysisExploit codeDescriptionconsole config-console.c:#include #include #include #include #include #include FILE *log_file; void append_command(char type, char *data) { fprintf(log_file, "%c %s\n", type, data); } void set_login_message(char *message) { if (!message) { printf("No message chosen\n"); exit(1); } printf("Login message set!\n%s\n", message); append_..
CTF/pwnable 2018. 5. 17. 17:14
Shells @ pico2017

DescriptionHow much can a couple bytes do?Use shells! Source. Connect on shell2017.picoctf.com:50454. Analysisint vuln() { void *buf; // [sp+Ch] [bp-Ch]@1 buf = mmap(0, 0xAu, 7, 34, 0, 0); if ( buf == (void *)-1 ) { puts("Failed to get space. Please talk to admin"); exit(0); } printf("Give me %d bytes:\n", 10); fflush(stdout); if ( !read(0, buf, 0xAu) ) { printf("You didn't give me anything :(")..
CTF/pwnable 2018. 5. 14. 22:44
Guess The Number @ pico2017

특정 번호를 넣는 문제인가보다. 바이너리 를 받고 nc 로 접속해서 문제푸는 pwnable 문제이다. main 을 보면 int __cdecl main(int argc, const char **argv, const char **envp) { unsigned int v3; // eax@1 char nptr[4]; // [sp+Ch] [bp-2Ch]@1 int v6[7]; // [sp+10h] [bp-28h]@2 int (*v7)(void); // [sp+2Ch] [bp-Ch]@3 *(_DWORD *)nptr = 0; v3 = 0; do { v6[v3] = 0; ++v3; } while ( v3 < 7 ); setbuf(stdout, 0); puts("Welcome to the number guessing g..
CTF/pwnable 2018. 5. 14. 14:42
Prev 1 2 3 Next