분류 전체보기

TJCTF 2023 - pwn/formatter

1. intro 2. code 및 분석 2.1. code main int __cdecl main(int argc, const char **argv, const char **envp) { char s[268]; // [rsp+0h] [rbp-110h] BYREF int i; // [rsp+10Ch] [rbp-4h] setbuf(_bss_start, 0LL); xd = calloc(1uLL, 4uLL); printf("give me a string (or else): "); fgets(s, 256, stdin); printf(s); r1(s[0]); if ( win() ) { for ( i = 0; i

TJCTF 2023 - pwn/groppling-hook

1. intro 2. code 및 분석 2.1. code #include "stdio.h" #include void laugh() { printf("ROP detected and denied...\n"); exit(2); } void win() { FILE *fptr; char buf[28]; // Open a file in read mode fptr = fopen("flag.txt", "r"); fgets(buf, 28, fptr); puts(buf); } void pwnable() { char buffer[10]; printf(" > "); fflush(stdout); read(0, (char *)buffer, 56); /* Check ret */ __asm__ __volatile__("add $0x..

TJCTF 2023 - pwn/shelly

1. intro 2. code 및 분석 2.1. code int __cdecl main(int argc, const char **argv, const char **envp) { char s[256]; // [rsp+0h] [rbp-100h] BYREF setbuf(stdout, 0LL); printf("0x%lx\n", s); fgets(s, 512, stdin); for ( i = 0; i checksec chall [*] '/home/wyv3rn/ctf/chall' Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: NX disabled PIE: No PIE (0x400000) RWX: Has RWX segments 더불어 프로..

TJCTF 2023 - pwn/flip-out

1. intro 2. code 및 분석 2.1. code int __cdecl main(int argc, const char **argv, const char **envp) { int result; // eax int v4; // [rsp+4h] [rbp-BCh] FILE *stream; // [rsp+8h] [rbp-B8h] char nptr[48]; // [rsp+10h] [rbp-B0h] BYREF __int64 v7; // [rsp+40h] [rbp-80h] __int64 v8; // [rsp+48h] [rbp-78h] __int64 v9; // [rsp+50h] [rbp-70h] __int64 v10; // [rsp+58h] [rbp-68h] __int64 v11; // [rsp+60h] [rb..

TJCTF 2023 - pwn/teenage-game

1. intro 2. code 및 분석 2.1. code main int __cdecl main(int argc, const char **argv, const char **envp) { char v3; // al int v5[2]; // [rsp+8h] [rbp-A98h] BYREF char v6[2704]; // [rsp+10h] [rbp-A90h] BYREF setup_terminal(argc, argv, envp); setvbuf(stdout, stdout_buf, 0, 0x1000uLL); init_player(v5); init_map(v6, v5); print_map(v6); signal(2, sigint_handler); while ( v5[0] != 29 || v5[1] != 89 ) { v..

STB-lsExecutor

보호되어 있는 글입니다.

simple-web-request

보호되어 있는 글입니다.

goblin

1. intro 세번째 문제. 2. code 및 분석 2.1. code query : select id from prob_goblin where id='guest' and no=

cobolt

1. intro 두번째 문제. 2. code 및 분석 2.1. code query : select id from prob_cobolt where id='' and pw=md5('')

mango

1. intro 2. code 및 분석 2.1. code main.js const express = require('express'); const app = express(); const mongoose = require('mongoose'); mongoose.connect('mongodb://localhost/main', { useNewUrlParser: true, useUnifiedTopology: true }); const db = mongoose.connection; // flag is in db, {'uid': 'admin', 'upw': 'DH{32alphanumeric}'} const BAN = ['admin', 'dh', 'admi']; filter = function(data){ cons..