Void

https://pdw0412.github.io AboutA minimal, responsive and feature-rich Jekyll theme for technical writing.pdw0412.github.io 블로그 이전했습니다. 더이상 티스토리는 사용할 것 같지 않고 이미 올린 글들 다시 올릴까 하는데 귀찮으면 안할것 같습니다.

- DryWall- TakeNote- LabGrwon- VC1K DryWall Arch: amd64-64-little RELRO: Full RELRO Stack: No canary found NX: NX enabled PIE: PIE enabled Stripped: No int __cdecl main(int argc, const char **argv, const char **envp){ char s[264]; // [rsp+0h] [rbp-110h] BYREF __int64 v5; // [rsp+108h] [rbp-8h] setvbuf(stdout, 0LL, 2, 0LL); setvbuf(stderr, 0L..

- GOT- Einstein   GOTArch: amd64-64-littleRELRO: Partial RELROStack: Canary foundNX: NX enabledPIE: No PIE (0x400000)Stripped: NoDebuginfo: Yes int __cdecl main(int argc, const char **argv, const char **envp){ int idx; // [rsp+4h] [rbp-Ch] BYREF unsigned __int64 v5; // [rsp+8h] [rbp-8h] v5 = __readfsqword(0x28u); idx = 0; puts("Hey ! I've never seen Game of..

새벽 1시에 시작한 대회여서 포너블만 올솔하고 자러갔다. 포너블 2문제 모두 2등으로 풀어서 퍼블을 놓쳤다.  Fantastic doom$ checksec chall[*] '/chall' Arch: amd64-64-little RELRO: Partial RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x400000) Stripped: No int __cdecl main(int argc, const char **argv, const char **envp){ wctrans_t (**v3)(const char *); // rsi unsigned int v4; /..

//gcc -o chall chall.c -no-pie -z relro -O2 -fno-stack-protector#include #include #include #include uint32_t random_list[10] = {0,};uint64_t total_random = 0;void banner(){ printf(" __ _ _ \n"); printf(" _ _ _ __ ___ __ _ / _| ___ ___ ___ _ __ ___ _ __ (_) | ___ _ __ \n"); printf("| | | | '_ \\/ __|/ _` | |_ / _ ..

YISF 2024 Finals WriteUp ↓https://pdw0412.tistory.com/13 __int64 __fastcall main(__int64 a1, char **a2, char **a3){ int v4; // [rsp+8h] [rbp-38h] BYREF int i; // [rsp+Ch] [rbp-34h] char *s[3]; // [rsp+10h] [rbp-30h] char *v7; // [rsp+28h] [rbp-18h] unsigned __int64 v8; // [rsp+38h] [rbp-8h] v8 = __readfsqword(0x28u); sub_12C4(a1, a2, a3); sub_1329(); v4 = 31; s[0] = "[OSOL] I am very h..

$ checksec bf[*] '/bf' Arch: i386-32-little RELRO: Partial RELRO Stack: Canary found NX: NX enabled PIE: No PIE (0x8048000)int __cdecl main(int argc, const char **argv, const char **envp){ unsigned int i; // [esp+28h] [ebp-40Ch] _BYTE v5[1024]; // [esp+2Ch] [ebp-408h] BYREF unsigned int v6; // [esp+42Ch] [ebp-8h] v6 = __readgsdword(0x14u); setvbuf(stdout,..

...LOAD:0000000000400078 ; PHT Entry 1LOAD:0000000000400078 dd 1 ; Type: LOADLOAD:000000000040007C dd 6 ; FlagsLOAD:0000000000400080 dq 0C62D8h ; File offsetLOAD:0000000000400088 dq 6C62D8h ; Virtual addressLOAD:0000000000400090 dq 6C62D8h ;..

#include #include #include void func(int key){ char overflowme[32]; printf("overflow me : "); gets(overflowme); // smash me! if(key == 0xcafebabe){ system("/bin/sh"); } else{ printf("Nah..\n"); }}int main(int argc, char* argv[]){ func(0xdeadbeef); return 0;} 소스코드를 보면 main()에서 0xdeadbeef를 인자로 가지고 fu..

$ ssh col@pwnable.kr -p2222col@pwnable.kr's password: ____ __ __ ____ ____ ____ _ ___ __ _ ____| \| |__| || \ / || \ | | / _] | |/ ]| \| o ) | | || _ || o || o )| | / [_ | ' / | D )| _/| | | || | || || || |___ | _] | \ | /| | | ` ' || | || _ || O || || [_ __ | \| \| | ..