CTF/Solved

    idekCTF 2022 - Typop

    1. intro This was a good challenge to study, since it combines bof + rop + rcu. 2. code 2.1. code 2.1.2. main int __cdecl main(int argc, const char **argv, const char **envp) { setvbuf(_bss_start, 0LL, 2, 0LL); while ( puts("Do you want to complete a survey?") && getchar() == 'y' ) { getchar(); getFeedback(); } return 0; } 2.1.2. getFeedback unsigned __int64 getFeedback() { __int64 buf; // [rsp+Eh] [rbp-12h] BYREF __int16 v..

    IRIS CTF - ret2libm

    1. intro 2. code and analysis 2.1. code #include #include // gcc -fno-stack-protector -lm int main(int argc, char* argv) { setvbuf(stdin, NULL, _IONBF, 0); setvbuf(stdout, NULL, _IONBF, 0); char yours[8]; printf("Check out my pecs: %p\n", fabs); printf("How about yours? "); gets(yours); printf("Let's see how they stack up."); return 0; } 2.2. analysis Extracting the provided archive yields libc, libm, the challenge binary, and the source code. Running the program..

    Hackappatoi CTF 2022 - [PWN] heap baby v2

    1. intro 2. code and analysis 2.1. code int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { unsigned int choice; // [rsp+1Ch] [rbp-4h] setup(); while ( 1 ) { choice = menu(); if ( choice == 3 ) break; if ( choice 4 ) { puts("nope is not a place that!"); } else { user_idx *= 2; v0 = user_idx; user_tuples[v0] = (char *)malloc(0x10uLL); v1 = user_idx + 1; user_tuples[v1] = (char *..

    Hackappatoi CTF 2022 - [PWN] Endless Queue

    1. intro 2. code and analysis 2.1. code int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { setup(); banner(); bar_queue(); } void __fastcall __noreturn bar_queue() { unsigned int v0; // eax unsigned int hours; // [rsp+Ch] [rbp-54h] char buffer[64]; // [rsp+10h] [rbp-50h] BYREF unsigned __int64 v3; // [rsp+58h] [rbp-8h] v3 = __readfsqword(0x28u); memset(buffer, 0, sizeof(buffer..

    Hackappatoi CTF 2022 - [PWN] Sanity drink

    1. intro 2. code and analysis 2.1. code int __cdecl main(int argc, const char **argv, const char **envp) { char user_password[32]; // [rsp+0h] [rbp-50h] BYREF char otp_password[32]; // [rsp+20h] [rbp-30h] BYREF unsigned __int64 v7; // [rsp+48h] [rbp-8h] v7 = __readfsqword(0x28u); puts("------------------------------------------------------------"); puts("---------------[ Pwners Secret Club Access ]-----..

    Dreamhack CTF Season 2 Round #11 - [PWN] Cat Jump

    This post is protected.