Exploit

CBM CTF 2019 Pwn pwn5

pwn5 Ananlyse the binary and get flag at: nc 35.231.63.121 1342 $ file pwn5 pwn5: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=773d0…

CBM CTF 2019 Pwn pwn3

pwn3 reverse the binary and submit number at: nc 35.231.63.121 1340 $ file pwn03 pwn03: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]…

CBM CTF 2019 Pwn pwn2

pwn2 analyze the binary and exploit server at: nc 35.231.63.121 1339 $ file pwn02 pwn02: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1…

CBM CTF 2019 Pwn pwn1

pwn1 reverse the binary and exploit server at: nc 35.231.63.121 1337 $ file pwn1.elf pwn1.elf: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildI…

TAMUctf 19 Writeup pwn Pwn1

Pwn1 $ file pwn1 pwn1: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 3.2.0, BuildID[sha1]=d126d8e3812dd7aa1accb16feac888c99841f504, not stripped $ checksec.sh --file pwn1 …

pwnable tw start

# exploit.py from pwn import * # pwntools repository # https://github.com/Gallopsled/pwntools # pwntools documents, reference # http://docs.pwntools.com/en/stable/index.html # https://qiita.com/8ayac/items/12a3523394080e56ad5a def send_pay…

僕はROPが理解出来ない(はがない)

※本記事は合ってるかどうか保証出来かねます。また、発言は個人の意見です。 pwnをする上で最低限必要とされてるROPが理解出来なかったのでROP学習の定番ropasaurusrexをなぞってROPを学習する。 結局何が理解出来なかったのかというと pwn → わかる ガジェ…