전체 글(119)
-
[HackCTF / pwnable] j0n9hyun secret
HackCTF - j0n9hyun secret
Summary: buffer overflow
Analysis:
```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
  __int64 v3; // r8
  __int64 v4; // r8
  __int64 v5; // r8
  int v6; // ST0C_4

  sub_40FDD0((unsigned int *)off_6CA748, 0LL, 2LL, 0LL, v3);
  sub_40FDD0((unsigned int *)off_6CA740, 0LL, 2LL, 0LL, v4);
  sub_40FDD0((unsigned int *)off_6CA738, 0LL, 2LL, 0LL, v5);
  f = fopen("top_secret", (..
```
2020.06.10 -
[HackCTF / pwnable] World best encryption tool
HackCTF - World best encryption tool
Summary: 64bit, rop
Analysis:
```c
int __cdecl main(int argc, const char **argv, const char **envp)
{
  unsigned int i; // [rsp+8h] [rbp-88h]
  char s1; // [rsp+Ch] [rbp-84h]
  char src[64]; // [rsp+10h] [rbp-80h]
  char dest; // [rsp+50h] [rbp-40h]
  unsigned __int64 v8; // [rsp+88h] [rbp-8h]

  v8 = __readfsqword(0x28u);
  setvbuf(_bss_start, 0LL, 2, 0LL);
  do
  {
    puts("Your text)");
    _..
```
2020.06.10 -
[선린 고등해커 2회 예선] FFFFFMMMMTTT
선린 고등해커 2회 예선 - FFFFFMMMMTTT
Summary: 64bit, format string bug
Analysis:
```c
int __cdecl __noreturn main(int argc, const char **argv, const char **envp)
{
  char s; // [rsp+0h] [rbp-1A0h]
  unsigned __int64 v4; // [rsp+198h] [rbp-8h]

  v4 = __readfsqword(0x28u);
  init();
  while ( 1 )
  {
    memset(&s, 0, 0x190uLL);
    read(0, &s, 0x190uLL);
    printf(&s, &s);
  }
}
```
printf에서 포맷 스트링 버그가 터진다. read로 받은 입력 버퍼 s가 그대로 printf의 포맷 문자열 인자로 전달되기 때문이다. %p를 사용해서 read의 주소를 가지고 올 수 있다. printf("%s", &s)처럼 포맷 문자열을 고정하면 입력이 포맷 지정자로 해석되지 않는다.
Exploit
fr..
2020.02.29 -
[LOS Rubiya] skeleton
LOS Rubiya - skeleton
Analysis
2020.02.27 -
[LOS Rubiya] vampire
LOS Rubiya - vampire
Analysis
2020.02.27 -
[LOS Rubiya] troll
LOS Rubiya - troll
Analysis
2020.02.27