[CTF][2023] Whitehat contest Qual - pwn1

2024. 3. 2. 16:54· CTF/2023

[CTF][2023] CCE 2023 QUAL - babykernel (0)	2024.03.18
[CTF][2023] CCE 2023 Qual - babyweb_1 (0)	2024.03.12
[CTF][2023] SECCON Qual - selfcet (0)	2024.03.02
[CTF][2023] CTFZone Qual 2023 - dead or alive 2 (0)	2024.03.02

상단으로

[CTF][2023] Whitehat contest Qual - pwn1

문제개요

1. Analysis (clip_board)

1.1. Concept

(1) menu

(2) _note_ global variables

1.2. Vulnerability (Out-of-bound write / read / free)

2. Exploitation

2.1. Memory leak

(1) heap address leak

(2) libc address leak

2.2. 전역변수 정리

2.3. allocate dummy heap chunks

2.3. Stdout pointer Overwrite

2.4. tcache count 증가용 dummy 객체 생성

2.5. chunk1 free and malloc -> chunk2 overwrite

2.6. free manipulated chunks

(1) free(dummy chunk)

(2) free(chunk3)

(3) free(chunk2)

2.7. stack address leak

(1) tcache encode

(2) stack address leak

2.8. stack memory allocation (return address overwrite)

2.9. return

3. Exploit

3.1. exploit.py

3.2. Run

'CTF > 2023' 카테고리의 다른 글

티스토리툴바

문제개요

1. Analysis (clip_board)

1.1. Concept

(1) menu

(2) *_note_* global variables

1.2. Vulnerability (Out-of-bound write / read / free)

2. Exploitation

2.1. Memory leak

(1) heap address leak

(2) libc address leak

2.2. 전역변수 정리

2.3. allocate dummy heap chunks

2.3. Stdout pointer Overwrite

2.4. tcache count 증가용 dummy 객체 생성

2.5. chunk1 free and malloc -> chunk2 overwrite

2.6. free manipulated chunks

(1) free(dummy chunk)

(2) free(chunk3)

(3) free(chunk2)

2.7. stack address leak

(1) tcache encode

(2) stack address leak

2.8. stack memory allocation (return address overwrite)

2.9. return

3. Exploit

3.1. exploit.py

3.2. Run

'CTF > 2023' 카테고리의 다른 글

티스토리툴바

(2) _note_ global variables