List: Wargames/Exploit-Exercises (4)
Zer0 day
[Exploit-Exercise] Fusion level02
Fusion Level02
- There is XOR encryption with a random value. First, get the XOR table.
- Just ROP! Leak the write() address and get the system() address with 'offset'.
- I just use system(). There is another way to get a shell: execve().
- Using execve() would be mo..
Wargames/Exploit-Exercises
2016.08.29 21:57
[Exploit-Exercise] Fusion level01
Fusion Level01
- NX is still disabled, but ASLR is on.
- Now we can't get the buffer address from the binary.
- All you need is a 'jmp esp' gadget.
from pwn import * # dup2(0, 0) + dup2(0, ..
Wargames/Exploit-Exercises
2016.08.29 02:49
[Exploit-Exercise] Fusion level00
Fusion Level00
- There aren't any memory protections, not even NX, so I just use shellcode.
- The service is on port 20000. Be careful with 'fd'.
- In fix_path(), there is a stack buffer overflow vulnerability.
- RET -> 140 ~ 143 ..
Wargames/Exploit-Exercises
2016.08.29 00:19