만두만두

IndexSummaryAnalysisDisassembleExploitSummaryVM7bit...?bof살려주세요Analysism444ndu@ubuntu:~/round1/7amebox-name$ ls -al total 100 drwxr-xr-x 2 m444ndu chp747 4096 Jan 14 18:20 . drwxr-xr-x 9 m444ndu chp747 4096 Jan 13 05:53 .. -rwxr-xr-x 1 m444ndu chp747 31017 Jan 13 15:08 _7amebox_patched.py -rw-r--r-- 1 m444ndu chp747 6148 Jan 13 05:53 .DS_Store -rwxr-xr-x 1 m444ndu chp747 27 Jan 13 05:53 flag -rw..

summaryvmnone check signed indexfxxkanalysis[*] '/home/m444ndu/round1/kindvm/kindvm' Arch: i386-32-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x8048000)main()int __cdecl main(int argc, const char **argv, const char **envp) { ctf_setup(); kindvm_setup(); input_insn(); (*(void (**)(void))(kc + 16))(); // func_greeting() while ( !*(_DWORD *)(kc + 4) ) // until exec ..

analysis으어어어 Python Jail 문제임주어진 코드는 다음과 같다.#!/usr/bin/env python import sys import ast ​ ​ ​ blacklist = [ast.Call, ast.Attribute] ​ def check(node): if isinstance(node, list): return all([check(n) for n in node]) else: """ expr = BoolOp(boolop op, expr* values) | BinOp(expr left, operator op, expr right) | UnaryOp(unaryop op, expr operand) | Lambda(arguments args, expr body) | IfExp(expr test, ..

summarystack leak using "%p"utilize stack space using main() addressfxxkanalysism444ndu@ubuntu:~/round1/swap_returns$ checksec swap_returns [*] '/home/m444ndu/round1/swap_returns/swap_returns' Arch: amd64-64-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x400000)main()int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { int index; // eax __i..

summaryapplication file descriptor (Reopening STDIN)stack remainbof rop chain analysism444ndu@ubuntu:~/round1/load$ checksec load [*] '/home/m444ndu/round1/load/load' Arch: amd64-64-little RELRO: Full RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x400000) FORTIFY: Enabled카나리가 안걸려 있습니당main()__int64 __fastcall main(__int64 a1, char **a2, char **a3) { char buf; // [rsp+0h] [rbp-30h] __i..

[summary]stack reusing vulnerabilityreallocating variable space through ebp changeanalysism444ndu@ubuntu:~/pwntw/applestore$ checksec applestore [*] '/home/m444ndu/pwntw/applestore/applestore' Arch: i386-32-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x8048000)바이너리는 아래와 같은 기능들을 가졋슴니다.=== Menu === 1: Apple Store 2: Add into your shopping cart 3: Remove from your sh..

analysism444ndu@ubuntu:~/pwntw/calc$ checksec calc [*] '/home/m444ndu/pwntw/calc/calc' Arch: i386-32-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x8048000)main()int __cdecl main(int argc, const char **argv, const char **envp) { ssignal(14, (int)timeout); alarm(60); puts((int)"=== Welcome to SECPROG calculator ==="); fflush(stdout); calc(); return puts((int)"Merry ..

[summary]vulnerability indexscanf("%u",,) erroranalysism444ndu@ubuntu:~/pwntw/doubblesort$ checksec dubblesort [*] '/home/m444ndu/pwntw/doubblesort/dubblesort' Arch: i386-32-little RELRO: Full RELRO Stack: Canary found NX: NX enabled PIE: PIE enabled FORTIFY: Enabled다 걸려있습니당 ㅎㄷㄷ;;매우 간단쓰한 구조를 취하고 있는 문제입니당. main 문에서 숫자 배열을 입력받고, sorting 함수에서 크기 순으로 정렬해주는 구조를 가지고 잇습니다.main()__printf_chk(1, "What yo..

[summary]free unsorted bin 시 잔존한 main_arena+48을 통해 libc leakuaf 취약점을 통한 eip controlanalysis전형적인 uaf heap 문제임다.m444ndu@ubuntu:~/pwntw/hacknote$ checksec hacknote [*] '/home/m444ndu/pwntw/hacknote/hacknote' Arch: i386-32-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x8048000) add_note() if ( note_num

analysism444ndu@ubuntu:~/pwntw/orw$ checksec orw [*] '/home/m444ndu/pwntw/orw/orw' Arch: i386-32-little RELRO: Partial RELRO Stack: Canary found NX: NX disabled PIE: No PIE (0x8048000) RWX: Has RWX segments그냥 쉘코드 올리고 실행시켜주는 문제인데, 그냥 쉘코드를 만들 수 있는가를 테스트하는 문제인 것 같다. 근데 그냥 아무 execve("/bin/sh",NULL,0) 해주는 쉘코드를 올리면 이상하게 아래와 같이 sys_exit 함수로 끝내버린다...?pwndbg> 0x0804a07a in shellcode () ​ LEGEND: STACK | ..