# write-up63

[LOB] assassin -> zombie_assassin /* The Lord of the BOF : The Fellowship of the BOF - zombie_assassin - FEBP */ #include #include main(int argc, char *argv[]){ char buffer[40]; if(argc < 2){ printf("argv error\n"); exit(0); } if(argv[1][47] == '\xbf'){ printf("stack retbayed you!\n"); exit(0); } if(argv[1][47] == '\x40') { printf("library retbayed you, too!!\n"); exit(0); } // strncpy instead of strcpy! strncpy(buffer, argv[1], 48); pri.. 2016. 12. 7.
[LOB] giant -> assassin /* The Lord of the BOF : The Fellowship of the BOF - assassin - no stack, no RTL */ #include #include main(int argc, char *argv[]){ char buffer[40]; if(argc < 2){ printf("argv error\n"); exit(0); } if(argv[1][47] == '\xbf'){ printf("stack retbayed you!\n"); exit(0); } if(argv[1][47] == '\x40') { printf("library retbayed you, too!!\n"); exit(0); } strcpy(buffer, argv[1]); printf("%s\n", buffer); // buffe.. 2016. 12. 7.
[LOB] bugbear -> giant /* The Lord of the BOF : The Fellowship of the BOF - giant - RTL2 */ #include #include #include main(int argc, char *argv[]){ char buffer[40]; FILE *fp; char *lib_addr, *execve_offset, *execve_addr; char *ret; if(argc < 2){ printf("argv error\n"); exit(0); } // gain address of execve fp = popen("/usr/bin/ldd /home/giant/assassin | /bin/grep libc | /bin/awk '{print $4}'", "r"); // ldd command - program or shared libra.. 2016. 12. 6.
[RC3 2016] Memory Forensics - 500pt A fun memory forensics challenge came up in the recent 'RC3 2016' CTF. At 500pt it carried the highest score in the forensics category, and it was the only one I could not solve. It was a challenge about 'TrueCrypt', but I set the wrong target and in the end could not solve it. ddddh@siftworkstation:~/Desktop/CTF/rc3/forensics$ vol.py -f memdump.raw imageinfo Volatility Foundation Volatility Framework 2.4 Determining profile based on KDBG search... Suggested Profile(s) : Win7SP0x64, Win7SP1x64, Win2008R2SP0x64, Win2008R2SP1x64 AS Layer1 : AMD6.. 2016. 11. 27.