Home

네모로직 문제가 나왔다. 네모칸을 클릭하면 검정색으로 변하게 된다. 매우 쉬운 네모로직이므로 풀고 ‘gogo’버튼을 눌러 보았다. 이름 입력 받는 창이 나오게 되고 입력하고 ‘write’를 누르면, 내 아이피와 아이디, 그리고 answer값이 표시된다. 여기서 answer값은 소스코드를 보면 알 수 있다. <td onclick="if(this.style.background!='black') { this.style.background='black'; kk._1.value=1; } else { this.style.background='white';kk._1.value=0; }" >&...

keyword : cookie 변조 <? if(!$_COOKIE[user_lv]) { SetCookie("user_lv","1"); echo("<meta http-equiv=refresh content=0>"); } ?> <html> <head> <title>Challenge 1</title> </head> <body bgcolor=black> <center> <br><br><br><br><br> <font color=white> -------------...

got Overwriting Remote /* The Lord of the BOF : The Fellowship of the BOF - dark_stone - Remote BOF on Fedora Core 3 - hint : GOT overwriting again - port : TCP 8888 */ #include <stdio.h> // magic potion for you from socket import * void pop_pop_ret(void) { asm("pop %eax"); asm("pop %eax"); asm("ret"); } int main() { c...

got overwriting /* The Lord of the BOF : The Fellowship of the BOF - evil_wizard - Local BOF on Fedora Core 3 - hint : GOT overwriting */ // magic potion for you void pop_pop_ret(void) { asm("pop %eax"); asm("pop %eax"); asm("ret"); } int main(int argc, char *argv[]) { char buffer[256]; char saved_sfp[4]; int length; if...

Another Fake EBP or got Overwriting /* The Lord of the BOF : The Fellowship of the BOF - hell_fire - Remote BOF on Fedora Core 3 - hint : another fake ebp or got overwriting - port : TCP 7777 */ #include <stdio.h> int main() { char buffer[256]; char saved_sfp[4]; char temp[1024]; printf("hell_fire : What's this smell?...

RET Sleding /* The Lord of the BOF : The Fellowship of the BOF - dark_eyes - Local BOF on Fedora Core 3 - hint : RET sleding */ int main(int argc, char *argv[]) { char buffer[256]; char saved_sfp[4]; if(argc < 2){ printf("argv error\n"); exit(0); } // save sfp memcpy(saved_sfp, buffer+264, 4); // overflow!! ...

Fake SFP + ASCII /* The Lord of the BOF : The Fellowship of the BOF - iron_golem - Local BOF on Fedora Core 3 - hint : fake ebp */ int main(int argc, char *argv[]) { char buffer[256]; if(argc < 2){ printf("argv error\n"); exit(0); } strcpy(buffer, argv[1]); printf("%s\n", buffer); } f6dea000-f6df1...

ReadMe [FC3 - 총 5문제] FC1~FC3까지 동일 환경이기 때문에 FC3 환경에서부터 시작합니다. [주소] http://hackerschool.org/TheLordofBOF/VM_FC3.zip [환경 요약] Stack Dummy : O Down privileage of bash : O Random Stack : O Random Library : X Random Program Binary Mapped : X ASCII Armor : O Non-Executable Stack : O Non-Executable Heap : O Stack Carany : X Stack Smashing ...