[HackCTF] RTL_World
·
WriteUp/HackCTF
Let's disassemble the file using gdb. 0x08048983 : push ebp 0x08048984 : mov ebp,esp 0x08048986 : sub esp,0xa0 0x0804898c : mov eax,ds:0x804b060 0x08048991 : mov DWORD PTR [esp+0xc],0x0 0x08048999 : mov DWORD PTR [esp+0x8],0x2 0x080489a1 : mov DWORD PTR [esp+0x4],0x0 0x080489a9 : mov DWORD PTR [esp],eax 0x080489ac : call 0x8048600 0x080489b1 : mov DWORD PTR [ebp-0x8],0x0 0x080489b8 : mov DWORD PTR [esp+0x4],0x..
[HackCTF] ROP
·
WriteUp/HackCTF
0x08048470 : lea ecx,[esp+0x4] 0x08048474 : and esp,0xfffffff0 0x08048477 : push DWORD PTR [ecx-0x4] 0x0804847a : push ebp 0x0804847b : mov ebp,esp 0x0804847d : push ecx 0x0804847e : sub esp,0x4 0x08048481 : call 0x804844b 0x08048486 : sub esp,0x4 0x08048489 : push 0xe 0x0804848b : push 0x8048530 0x08048490 : push 0x1 0x08048492 : call 0x8048340 0x08048497 : add esp,0x10 0x0804849a : mov eax,0x0..
[HackCTF] x64 buffer overflow
·
WriteUp/HackCTF
It seems to be structured so that calling the function callMeMaybe gets a shell. Dump of assembler code for function callMeMaybe: 0x0000000000400606 : push rbp 0x0000000000400607 : mov rbp,rsp 0x000000000040060a : sub rsp,0x20 0x000000000040060e : mov QWORD PTR [rbp-0x20],0x400734 0x0000000000400616 : mov QWORD PTR [rbp-0x18],0x40073e 0x000000000040061e : mov QWORD PTR [rbp-0x10],0x0 0x0000000000400626 : mov rax,QWORD PTR [rbp-0x20..
[HackCTF] Basic_BOF #2
·
WriteUp/HackCTF
As before, NX is Enabled and Canary is Disabled. Injecting shellcode looks impossible. The function named shell looks suspicious. Dump of assembler code for function shell: 0x0804849b : push ebp 0x0804849c : mov ebp,esp 0x0804849e : sub esp,0x8 0x080484a1 : sub esp,0xc 0x080484a4 : push 0x80485a0 0x080484a9 : call 0x8048370 0x080484ae : add esp,0x10 0x080484b1 : nop 0x080484b2 : leave 0x080484b3 : ret End of assembler dump. Through the system function, a shell ..
[HackCTF] Basic_BOF #1
·
WriteUp/HackCTF
CANARY is Disabled. NX is Enabled, so executing shellcode looks impossible. Dump of assembler code for function main: 0x080484cb : lea ecx,[esp+0x4] 0x080484cf : and esp,0xfffffff0 0x080484d2 : push DWORD PTR [ecx-0x4] 0x080484d5 : push ebp 0x080484d6 : mov ebp,esp 0x080484d8 : push ecx 0x080484d9 : sub esp,0x34 0x080484dc : mov DWORD PTR [ebp-0xc],0x4030201 0x080484e3 : mov eax,ds:0x804a040 0x080484e8 : sub esp..
d2n0s4ur
Posts in the 'All categories' category (Page 2)