pwn
Baby2 When Swordfish came out, these were considered some state of the art techniques. Let's see if you have what it takes. Service: nc baby-01.pwn.beer 10002 Download: baby2.tar.gz Extracting baby2.tar.gz gives baby2 and l…
Baby1 When Swordfish came out, these were considered some state of the art techniques. Let's see if you have what it takes. Service: nc baby-01.pwn.beer 10001 Download: baby1.tar.gz Extracting baby1.tar.gz gives baby1…
Chain of Rope defund found out about this cool new dark web browser! While he was browsing the dark web he came across this service that sells rope chains on the black market, but they're super overpriced! He managed to get the source code…
Binary Aquarium Here's a nice little program that helps you manage your fish tank. Run it on the shell server at /problems/2019/aquarium/ or connect with nc shell.actf.co 19305. Author: kmh11 The source code and the executable are given. #inclu…
pwn5 Analyse the binary and get flag at: nc 35.231.63.121 1342 $ file pwn5 pwn5: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=773d0…
pwn3 reverse the binary and submit number at: nc 35.231.63.121 1340 $ file pwn03 pwn03: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]…
pwn2 analyze the binary and exploit server at: nc 35.231.63.121 1339 $ file pwn02 pwn02: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1…
pwn1 reverse the binary and exploit server at: nc 35.231.63.121 1337 $ file pwn1.elf pwn1.elf: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildI…
runit Send code to the server, and it'll run! Grab the flag from /home/ctf/flag.txt Location - runit-5094b2cb.challenges.bsidessf.net:5252 $ file runit runit: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (us…
Pwn1 $ file pwn1 pwn1: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 3.2.0, BuildID[sha1]=d126d8e3812dd7aa1accb16feac888c99841f504, not stripped $ checksec.sh --file pwn1 …
# exploit.py from pwn import * # pwntools repository # https://github.com/Gallopsled/pwntools # pwntools documents, reference # http://docs.pwntools.com/en/stable/index.html # https://qiita.com/8ayac/items/12a3523394080e56ad5a def send_pay…
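Note: I cannot guarantee that this article is correct. Also, the statements here are my personal opinion. I could not understand ROP, which is considered the minimum requirement for doing pwn, so I will learn ROP by following ropasaurusrex, the standard exercise for learning ROP. In the end, what I could not understand was: pwn → understood, gadge…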