로터스 로터스

전체 글

• pwn-100

  CTF/XCTF 2021. 2. 11. 02:52

  Disassembly 디스어셈블리 undefined8 main() { setbuf(_reloc.stdin, 0); setbuf(_reloc.stdout, 0); do(); return 0; } void do() { int64_t var_40h; // rbp-0x40 _read(&var_40h, 200); puts("bye~"); return; } void _read(void *addr, undefined8 size) { for(int i=0; i

  Read More

• welpwn

  CTF/XCTF 2021. 2. 11. 02:27

  Disassembly 디스어셈블리 undefined8 main(void) { void *buf; write(1, "Welcome to RCTF\n", 0x10); fflush(_reloc.stdout); read(0, &buf, 0x400); echo(&buf); return 0; } main은 0x400바이트를 입력받아 echo를 호출한다. void echo(char *dest) { char *dest; // rbp-0x10 strcpy(dest, src); // stack buffer overflow if (strcmp("ROIS", dest) == 0) { printf("RCTF{Welcome}"); puts(" is not flag"); } printf("%s", dest); return; } e..

  Read More

• Mary_Morton

  CTF/XCTF 2021. 2. 11. 00:33

  Disassembly 디스어셈블리 void main() { init(); puts("Welcome to the battle ! "); puts("[Great Fairy] level pwned "); puts("Select your weapon "); while( true ) { menu(); scanf("%d", &num); if (num == 1) { bof(); } else if (num == 2) { fsb(); } else if (num == 3) { break; } else { puts("Wrong!"); } } puts("Bye "); exit(0); } main에서는 bof와 fsb를 호출할 수 있다. void fsb(void) { undefined8 str; // rbp - 0x90 mem..

  Read More

• World Best Encryption Tool

  CTF/HackCTF 2021. 2. 9. 03:56

  Disassembly 디스어셈블리 undefined8 main(void) { int32_t iVar1; int64_t in_FS_OFFSET; int64_t var_88h; char *src; char *dest; int64_t canary; canary = *(int64_t *)(in_FS_OFFSET + 0x28); setvbuf(_reloc.stdout, 0, 2, 0); do { puts("Your text)"); __isoc99_scanf("%s", &src); // stack buffer overflow for (int i = 0; i < 0x32; i++) { src[i] ^= 0x1c; } strncpy(&dest, &src, 0x39); printf("Encrypted text)\n%s"..

  Read More

• UAF

  CTF/HackCTF 2021. 2. 9. 02:07

  Disassembly 디스어셈블리 void main(void) { int32_t num; setvbuf(_reloc.stdout, 0, 2, 0); setvbuf(_reloc.stdin, 0, 2, 0); do { menu(); read(0, auStack24, 4); num = atoi(auStack24); switch(num) { default: puts("유효하지 않는 값입니다."); break; case 1: add_note(); break; case 2: del_note(); break; case 3: print_note(); break; case 4: exit(0); } } while( true ); } main은 다음에 실행할 명령을 입력받는다. void add_note(void) { und..

  Read More

• Beginner_Heap

  CTF/HackCTF 2021. 2. 9. 00:30

  Disassembly 디스어셈블리 void main(undefined8 argc, char **argv) { undefined4 *puVar1; undefined8 uVar2; undefined4 *puVar3; char *src; puVar1 = (undefined4 *)malloc(0x10); *puVar1 = 1; uVar2 = malloc(8); *(undefined8 *)(puVar1 + 2) = uVar2; puVar3 = (undefined4 *)malloc(0x10); *puVar3 = 2; uVar2 = malloc(8); *(undefined8 *)(puVar3 + 2) = uVar2; fgets(&src, 0x1000, _reloc.stdin); strcpy(*(undefined8 *..

  Read More

• j0n9hyun's secret

  CTF/HackCTF 2021. 2. 7. 21:12

  Disassembly 디스어셈블리 undefined8 main() { setvbuf(*(int64_t *)0x6ca748, 0, 2, 0); setvbuf(*(int64_t *)0x6ca740, 0, 2, 0); setvbuf(*(int64_t *)0x6ca738, 0, 2, 0); iVar2 = 0x72; *(undefined4 *)0x6cce98 = open("top_secret"); iVar2 = printf("input name: "); scanf("%s", 0x6ccd60); iVar1 = read(*(undefined4 *)0x6cce98, 0x6ccd6a, 300); write(1, 0x6ccd6a, (int64_t)iVar1); return 0; } main은 top_secret이라는 이름..

  Read More

• [DiceCTF 2021] flippidy

  CTF/WRITEUP 2021. 2. 6. 20:07

  Disassembly 디스어셈블리 void main(void) { init(); printf("%s", "To get started, first tell us how big your notebook will be: "); s = input(); // size of notebook heap_address = malloc(s

  Read More