At first we realize that there is a format string vulnerability through which we can leak stack memory addresses and thus bypass ASLR. After a few attempts we see that at position %10$p we leak a stack address, and at that address minus 0x20 sits the pointer to the name buffer whose test content we entered as "AAAA". The next step is to create our exploit that performs the leak using pwntools l..
Write-up - Use After Free (PKTeam)

1. Register. We start by registering a user AAAA.

```
0x555555554ac3 lea rax, [rbp-0x60]
0x555555554ac7 lea rsi, [rip+0x695] # 0x555555555163
0x555555554ace mov rdi, rax
0x555555554ad1 call 0x5555555548b0
```

We see a comparison of our input in the RAX register. This register contains a stack address that holds the AAAA input. In the RSI register we have the string ..
- stack pivot
- Windows
- dnspy
- theFaunia course
- Pwnable.kr
- buffer overflow
- fake stack frame
- shellcode
- one gadget
- cracking
- Backdoors
- GOT Dereferencing/Overwriting
- pwnable.tw
- use after free
- pwnable.xyz
- open-redirect
- 32Bit
- html injection
- return oriented programming
- Call oriented programming
- canary
- format string
- XSS
- ASM
- leak libc
- leak stack memory address
- write primitive
- arithmetic overflow/underflow
- hijacking redirection flow
- x64dbg