[HackCTF] x64 buffer overflow
·
WriteUp/HackCTF
It looks like calling the function callMeMaybe gives you a shell.
Dump of assembler code for function callMeMaybe:
0x0000000000400606 : push rbp
0x0000000000400607 : mov rbp,rsp
0x000000000040060a : sub rsp,0x20
0x000000000040060e : mov QWORD PTR [rbp-0x20],0x400734
0x0000000000400616 : mov QWORD PTR [rbp-0x18],0x40073e
0x000000000040061e : mov QWORD PTR [rbp-0x10],0x0
0x0000000000400626 : mov rax,QWORD PTR [rbp-0x20..
[HackCTF] Basic_BOF #2
·
WriteUp/HackCTF
Likewise, NX is enabled and the canary is disabled. Injecting shellcode looks impossible. The function named shell looks suspicious.
Dump of assembler code for function shell:
0x0804849b : push ebp
0x0804849c : mov ebp,esp
0x0804849e : sub esp,0x8
0x080484a1 : sub esp,0xc
0x080484a4 : push 0x80485a0
0x080484a9 : call 0x8048370
0x080484ae : add esp,0x10
0x080484b1 : nop
0x080484b2 : leave
0x080484b3 : ret
End of assembler dump.
Through the system function, a shell ..
[HackCTF] Basic_BOF #1
·
WriteUp/HackCTF
The canary is disabled. NX is enabled, so executing shellcode looks impossible.
Dump of assembler code for function main:
0x080484cb : lea ecx,[esp+0x4]
0x080484cf : and esp,0xfffffff0
0x080484d2 : push DWORD PTR [ecx-0x4]
0x080484d5 : push ebp
0x080484d6 : mov ebp,esp
0x080484d8 : push ecx
0x080484d9 : sub esp,0x34
0x080484dc : mov DWORD PTR [ebp-0xc],0x4030201
0x080484e3 : mov eax,ds:0x804a040
0x080484e8 : sub esp..
d2n0s4ur