pwn

Security Fest 2019 Pwn Baby2

Baby2 When Swordfish came out, these were considered some state of the art techniques. Let's see if you have what it takes. Service: nc baby-01.pwn.beer 10002 Download: baby2.tar.gz Extracting baby2.tar.gz gives baby2 and l…

Security Fest 2019 Pwn Baby1

Baby1 When Swordfish came out, these were considered some state of the art techniques. Let's see if you have what it takes. Service: nc baby-01.pwn.beer 10001 Download: baby1.tar.gz When baby1.tar.gz is extracted, baby1 is…

ångstromCTF Binary Chain of Rope

Chain of Rope defund found out about this cool new dark web browser! While he was browsing the dark web he came across this service that sells rope chains on the black market, but they're super overpriced! He managed to get the source code…

ångstromCTF Binary Aquarium

Binary Aquarium Here's a nice little program that helps you manage your fish tank. Run it on the shell server at /problems/2019/aquarium/ or connect with nc shell.actf.co 19305. Author: kmh11 The source code and the executable are provided. #inclu…

CBM CTF 2019 Pwn pwn5

pwn5 Analyse the binary and get flag at: nc 35.231.63.121 1342 $ file pwn5 pwn5: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=773d0…

CBM CTF 2019 Pwn pwn3

pwn3 reverse the binary and submit number at: nc 35.231.63.121 1340 $ file pwn03 pwn03: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]…

CBM CTF 2019 Pwn pwn2

pwn2 analyze the binary and exploit server at: nc 35.231.63.121 1339 $ file pwn02 pwn02: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1…

CBM CTF 2019 Pwn pwn1

pwn1 reverse the binary and exploit server at: nc 35.231.63.121 1337 $ file pwn1.elf pwn1.elf: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildI…

BSidesSF 2019 CTF Pwn runit

runit Send code to the server, and it'll run! Grab the flag from /home/ctf/flag.txt Location - runit-5094b2cb.challenges.bsidessf.net:5252 $ file runit runit: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (us…

TAMUctf 19 Writeup pwn Pwn1

Pwn1 $ file pwn1 pwn1: ELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 3.2.0, BuildID[sha1]=d126d8e3812dd7aa1accb16feac888c99841f504, not stripped $ checksec.sh --file pwn1 …

pwnable tw start

# exploit.py from pwn import * # pwntools repository # https://github.com/Gallopsled/pwntools # pwntools documents, reference # http://docs.pwntools.com/en/stable/index.html # https://qiita.com/8ayac/items/12a3523394080e56ad5a def send_pay…

I Can't Understand ROP (Haganai)

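Note: I cannot guarantee that this article is correct. Also, the statements here are my personal opinions. I couldn't understand ROP, which is considered the bare minimum needed for doing pwn, so I will learn ROP by following ropasaurusrex, the standard exercise for learning ROP. As for what exactly I couldn't understand: pwn → I get it, gadge…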