First we notice a format string vulnerability that lets us leak stack memory addresses and thus bypass ASLR. After a few attempts we see that position %10$p leaks a stack address, and 0x20 bytes below it is the pointer to name, whose test content we entered as "AAAA". The next step is to build our exploit, which performs the leak using pwntools l..
Write-up - Use After Free PKTeam

1. Register. We start by registering a user AAAA.

```
0x555555554ac3 lea rax, [rbp-0x60]
0x555555554ac7 lea rsi, [rip+0x695] # 0x555555555163
0x555555554ace mov rdi, rax
0x555555554ad1 call 0x5555555548b0
```

We see a comparison against our input held in the RAX register. This register contains a stack memory address that holds the AAAA input. In the RSI register we have the string ..