![[hackctf] Pwning 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FVuBjL%2Fbtq2NyH9ThX%2FIKCvbER80JbwPOrkWTuep1%2Fimg.png)
War Games/hack-ctf
[hackctf] Pwning
문제 소스 int vuln() { char nptr; // [esp+1Ch] [ebp-2Ch] int v2; // [esp+3Ch] [ebp-Ch] printf("How many bytes do you want me to read? "); get_n((int)&nptr, 4u); v2 = atoi(&nptr); if ( v2 > 32 ) return printf("No! That size (%d) is too large!\n", v2); printf("Ok, sounds good. Give me %u bytes of data!\n", v2); get_n((int)&nptr, v2); return printf("You said: %s\n", &nptr); } 보호기법 gdb-peda$ checksec CA..
![[hackctf] gift 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbQWDTD%2Fbtq2OPWD0GN%2F8yLIVkov2h7Nzj5RpDGe91%2Fimg.png)
War Games/hack-ctf
[hackctf] gift
문제 소스 int __cdecl main(int argc, const char **argv, const char **envp) { char s; // [esp+0h] [ebp-84h] alarm(0x3Cu); setvbuf(stdout, 0, 2, 0); setvbuf(stdin, 0, 2, 0); setvbuf(stderr, 0, 2, 0); printf("Hey guyssssssssss here you are: %p %p\n", &binsh, &system); fgets(&s, 0x80, stdin); printf(&s); gets(&s); return 0; } 보호기법 gdb-peda$ checksec CANARY : disabled FORTIFY : disabled NX : ENABLED PIE ..
![[hackctf] Look at me 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FBwVtL%2Fbtq2Mz8xtO7%2FjSKpFfMggtgPjhsscm9L30%2Fimg.png)
War Games/hack-ctf
[hackctf] Look at me
문제 소스 int __cdecl main(int argc, const char **argv, const char **envp) { int v3; // ST1C_4 setvbuf(stdout, 0, 2, 0); v3 = getegid(); setresgid(v3, v3, v3); look_at_me(); return 0; } _BYTE *look_at_me() { char v1; // [esp+0h] [ebp-18h] puts("Hellooooooooooooooooooooo"); return gets(&v1); } 보호기법 gdb-peda$ checksec CANARY : disabled FORTIFY : disabled NX : ENABLED PIE : disabled RELRO : Partial 문제 ..
![[hackctf] Beginner_Heap 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FeVIb2r%2Fbtq2NdqFxDp%2F6XpiuAHdhoTRWI8clYjqEK%2Fimg.png)
War Games/hack-ctf
[hackctf] Beginner_Heap
문제 소스 void __fastcall __noreturn main(__int64 a1, char **a2, char **a3) { void *v3; // ST10_8 void *v4; // ST18_8 char s; // [rsp+20h] [rbp-1010h] unsigned __int64 v6; // [rsp+1028h] [rbp-8h] v6 = __readfsqword(0x28u); v3 = malloc(0x10uLL); *(_DWORD *)v3 = 1; *((_QWORD *)v3 + 1) = malloc(8uLL); v4 = malloc(0x10uLL); *(_DWORD *)v4 = 2; *((_QWORD *)v4 + 1) = malloc(8uLL); fgets(&s, 4096, stdin); s..
![[hackctf] RTL_Core 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FdtyYUH%2Fbtq2Xi4KfY4%2FUzCxCkPUeW69AzP3nturK1%2Fimg.png)
War Games/hack-ctf
[hackctf] RTL_Core
문제 소스 int __cdecl main(int argc, const char **argv, const char **envp) { char s; // [esp+Ch] [ebp-1Ch] setvbuf(_bss_start, 0, 2, 0); puts(&::s); printf("Passcode: "); gets(&s); if ( check_passcode((int)&s) == hashcode ) { puts(&byte_8048840); core(); } else { puts(&byte_8048881); } return 0; } int __cdecl check_passcode(int a1) { int v2; // [esp+8h] [ebp-8h] signed int i; // [esp+Ch] [ebp-4h] v2..
![[hackctf] Random Key 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FtRqmH%2Fbtq2QTxG4Cr%2FI09qOj2ODmLFMdgWMq2aM0%2Fimg.png)
War Games/hack-ctf
[hackctf] Random Key
문제 소스 int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { unsigned int v3; // eax int v4; // [rsp+0h] [rbp-10h] int v5; // [rsp+4h] [rbp-Ch] unsigned __int64 v6; // [rsp+8h] [rbp-8h] v6 = __readfsqword(0x28u); setbuf(_bss_start, 0LL); v4 = 0; v3 = time(0LL); srand(v3); v5 = rand(); puts("============================"); puts(asc_400948); puts("===========================..
![[hackctf] 1996 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FApaVA%2Fbtq2NyH3dXO%2FK7xEfGLXG2xvGieri0JOs1%2Fimg.png)
War Games/hack-ctf
[hackctf] 1996
문제 소스 int __cdecl main(int argc, const char **argv, const char **envp) { __int64 v3; // rdx __int64 v4; // rax __int64 v5; // rdx __int64 v6; // rbx char *v7; // rax __int64 v8; // rdx __int64 v9; // rax char name; // [rsp+0h] [rbp-410h] std::operator(&std::cin, &name); v4 = std::operator
![[hackctf] Poet 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FMNnqK%2Fbtq2Ndc7YnF%2FX10UPvk7nB4zW9phLfMpb1%2Fimg.png)
War Games/hack-ctf
[hackctf] Poet
문제 소스 int __cdecl __noreturn main(int argc, const char **argv, const char **envp) { setvbuf(_bss_start, 0LL, 2, 0LL); puts(s); while ( 1 ) { get_poem(); get_author(); rate_poem(); if ( dword_6024E0 == 0xF4240 ) break; puts(asc_400D78); } reward(); } __int64 get_author() { printf(&byte_400C38); return gets((__int64)&unk_6024A0); } void __noreturn reward() { char s; // [rsp+0h] [rbp-90h] FILE *str..
![[hackctf] RTL_World 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FcJaZQR%2Fbtq2NEBdXpk%2FzbQZPMdrl7vLrdH1wJNNw1%2Fimg.png)
War Games/hack-ctf
[hackctf] RTL_World
문제 소스 int __cdecl main(int argc, const char **argv, const char **envp) { int result; // eax int v4; // [esp+0h] [ebp-A0h] int v5; // [esp+10h] [ebp-90h] char buf; // [esp+14h] [ebp-8Ch] void *v7; // [esp+94h] [ebp-Ch] void *handle; // [esp+98h] [ebp-8h] void *s1; // [esp+9Ch] [ebp-4h] setvbuf(stdout, 0, 2, 0); handle = dlopen("/lib/i386-linux-gnu/libc.so.6", 1); v7 = dlsym(handle, "system"); dlc..
![[hackctf] Yes or no 포스팅 썸네일 이미지](https://img1.daumcdn.net/thumb/R750x0/?scode=mtistory2&fname=https%3A%2F%2Fblog.kakaocdn.net%2Fdn%2FbXklUW%2Fbtq2NrhNSwK%2F4gjHJziDd1fYXwfZZsZOck%2Fimg.png)
War Games/hack-ctf
[hackctf] Yes or no
문제 소스 int __cdecl main(int argc, const char **argv, const char **envp) { int v3; // eax int v4; // eax int v5; // ecx int v6; // eax int v7; // eax char s; // [rsp+Eh] [rbp-12h] int v10; // [rsp+18h] [rbp-8h] int v11; // [rsp+1Ch] [rbp-4h] setvbuf(stdout, 0LL, 2, 0LL); v11 = 5; puts("Show me your number~!"); fgets(&s, 10, stdin); v10 = atoi(&s); if ( (v11 - 10) >> 3 < 0 ) { v4 = 0; } else { v3 =..
